From a655b69ef7e40d49a5fec40f02bce5c7cf62cf62 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Thu, 11 Dec 2025 01:59:25 -0800 Subject: [PATCH] Update audit log event data (#58797) Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com> --- src/audit-logs/data/ghec/enterprise.json | 17 ----------------- src/audit-logs/data/ghes-3.14/enterprise.json | 17 ----------------- src/audit-logs/data/ghes-3.14/organization.json | 17 ----------------- src/audit-logs/data/ghes-3.15/enterprise.json | 17 ----------------- src/audit-logs/data/ghes-3.16/enterprise.json | 17 ----------------- src/audit-logs/data/ghes-3.17/enterprise.json | 17 ----------------- src/audit-logs/data/ghes-3.18/enterprise.json | 17 ----------------- src/audit-logs/data/ghes-3.19/enterprise.json | 17 ----------------- src/audit-logs/lib/config.json | 2 +- 9 files changed, 1 insertion(+), 137 deletions(-) diff --git a/src/audit-logs/data/ghec/enterprise.json b/src/audit-logs/data/ghec/enterprise.json index 0f4e3b71e6..245b65f967 100644 --- a/src/audit-logs/data/ghec/enterprise.json +++ b/src/audit-logs/data/ghec/enterprise.json @@ -3570,23 +3570,6 @@ ], "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", - "fields": [ - "@timestamp", - "action", - "actor_id", - "business_id", - "query", - "org_id", - "user_id", - "_document_id", - "search_string" - ], - "docs_reference_titles": "/search-github/github-code-search" - }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", diff --git a/src/audit-logs/data/ghes-3.14/enterprise.json b/src/audit-logs/data/ghes-3.14/enterprise.json index b5a4813ef3..30218c91ed 100644 --- a/src/audit-logs/data/ghes-3.14/enterprise.json +++ b/src/audit-logs/data/ghes-3.14/enterprise.json @@ -1831,23 +1831,6 @@ "programmatic_access_type" ] }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", - "fields": [ - "@timestamp", - "action", - "actor_id", - "business_id", - "query", - "org_id", - "user_id", - "_document_id", - "search_string" - ], - "docs_reference_titles": "/search-github/github-code-search" - }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", diff --git a/src/audit-logs/data/ghes-3.14/organization.json b/src/audit-logs/data/ghes-3.14/organization.json index 3e1d456d7b..723dd450df 100644 --- a/src/audit-logs/data/ghes-3.14/organization.json +++ b/src/audit-logs/data/ghes-3.14/organization.json @@ -362,23 +362,6 @@ "programmatic_access_type" ] }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", - "fields": [ - "@timestamp", - "action", - "actor_id", - "business_id", - "query", - "org_id", - "user_id", - "_document_id", - "search_string" - ], - "docs_reference_titles": "/search-github/github-code-search" - }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", diff --git a/src/audit-logs/data/ghes-3.15/enterprise.json b/src/audit-logs/data/ghes-3.15/enterprise.json index c676a2320b..7a2bcb7581 100644 --- a/src/audit-logs/data/ghes-3.15/enterprise.json +++ b/src/audit-logs/data/ghes-3.15/enterprise.json @@ -1831,23 +1831,6 @@ "programmatic_access_type" ] }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", - "fields": [ - "@timestamp", - "action", - "actor_id", - "business_id", - "query", - "org_id", - "user_id", - "_document_id", - "search_string" - ], - "docs_reference_titles": "/search-github/github-code-search" - }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", diff --git a/src/audit-logs/data/ghes-3.16/enterprise.json b/src/audit-logs/data/ghes-3.16/enterprise.json index aa9ef721b3..c0a1d0d06d 100644 --- a/src/audit-logs/data/ghes-3.16/enterprise.json +++ b/src/audit-logs/data/ghes-3.16/enterprise.json @@ -2064,23 +2064,6 @@ ], "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", - "fields": [ - "@timestamp", - "action", - "actor_id", - "business_id", - "query", - "org_id", - "user_id", - "_document_id", - "search_string" - ], - "docs_reference_titles": "/search-github/github-code-search" - }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", diff --git a/src/audit-logs/data/ghes-3.17/enterprise.json b/src/audit-logs/data/ghes-3.17/enterprise.json index 5e1d9b8c8a..16783fc705 100644 --- a/src/audit-logs/data/ghes-3.17/enterprise.json +++ b/src/audit-logs/data/ghes-3.17/enterprise.json @@ -2173,23 +2173,6 @@ ], "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", - "fields": [ - "@timestamp", - "action", - "actor_id", - "business_id", - "query", - "org_id", - "user_id", - "_document_id", - "search_string" - ], - "docs_reference_titles": "/search-github/github-code-search" - }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", diff --git a/src/audit-logs/data/ghes-3.18/enterprise.json b/src/audit-logs/data/ghes-3.18/enterprise.json index 5aafa7eeb8..c3ed590003 100644 --- a/src/audit-logs/data/ghes-3.18/enterprise.json +++ b/src/audit-logs/data/ghes-3.18/enterprise.json @@ -2173,23 +2173,6 @@ ], "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", - "fields": [ - "@timestamp", - "action", - "actor_id", - "business_id", - "query", - "org_id", - "user_id", - "_document_id", - "search_string" - ], - "docs_reference_titles": "/search-github/github-code-search" - }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", diff --git a/src/audit-logs/data/ghes-3.19/enterprise.json b/src/audit-logs/data/ghes-3.19/enterprise.json index 856ebaa166..7d39ad8315 100644 --- a/src/audit-logs/data/ghes-3.19/enterprise.json +++ b/src/audit-logs/data/ghes-3.19/enterprise.json @@ -2366,23 +2366,6 @@ ], "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning" }, - { - "action": "code.search", - "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", - "docs_reference_links": "/search-github/github-code-search", - "fields": [ - "@timestamp", - "action", - "actor_id", - "business_id", - "query", - "org_id", - "user_id", - "_document_id", - "search_string" - ], - "docs_reference_titles": "/search-github/github-code-search" - }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json index 85618ccea8..1afd3ca15f 100644 --- a/src/audit-logs/lib/config.json +++ b/src/audit-logs/lib/config.json @@ -9,5 +9,5 @@ "git": "Note: Git events have special access requirements and retention policies that differ from other audit log events. For GitHub Enterprise Cloud, access Git events via the REST API only with 7-day retention. For GitHub Enterprise Server, Git events must be enabled in audit log configuration and are not included in search results.", "sso_redirect": "Note: Automatically redirecting users to sign in is currently in beta for Enterprise Managed Users and subject to change." }, - "sha": "8efd989592ccb44cd746d9715ae6a69c87a8af8d" + "sha": "c0e079a256a9934069dee8b935190467e5fa3a5c" } \ No newline at end of file