diff --git a/src/audit-logs/data/ghes-3.14/enterprise.json b/src/audit-logs/data/ghes-3.14/enterprise.json index 727396680d..66e3b374ee 100644 --- a/src/audit-logs/data/ghes-3.14/enterprise.json +++ b/src/audit-logs/data/ghes-3.14/enterprise.json @@ -159,6 +159,11 @@ "description": "An enterprise owner cleared a restriction on repository creation in organizations in the enterprise.", "docs_reference_links": "/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation" }, + { + "action": "business.code_scanning_autofix_policy_update", + "description": "The policy for Code scanning autofix was updated for an enterprise.", + "docs_reference_links": "N/A" + }, { "action": "business.create", "description": "An enterprise was created.", @@ -179,6 +184,11 @@ "description": "N/A", "docs_reference_links": "N/A" }, + { + "action": "business.disable_open_scim", + "description": "SCIM provisioning for custom integrations that use the REST API was disabled for the enterprise.", + "docs_reference_links": "N/A" + }, { "action": "business.disable_source_ip_disclosure", "description": "Display of IP addresses within audit log events for the enterprise was disabled.", @@ -189,6 +199,11 @@ "description": "The requirement for members to have two-factor authentication enabled to access an enterprise was disabled.", "docs_reference_links": "N/A" }, + { + "action": "business.enable_open_scim", + "description": "SCIM provisioning for custom integrations that use the REST API was enabled for the enterprise.", + "docs_reference_links": "N/A" + }, { "action": "business.enable_source_ip_disclosure", "description": "Display of IP addresses within audit log events for the enterprise was enabled.", @@ -229,6 +244,11 @@ "description": "The slug for the enterprise URL was renamed.", "docs_reference_links": "N/A" }, + { + "action": "business.revoke_sso_session", + "description": "The SAML single sign-on session for a member in an enterprise was revoked.", + "docs_reference_links": "N/A" + }, { "action": "business_secret_scanning_automatic_validity_checks.disabled", "description": "Automatic partner validation checks have been disabled at the business level", @@ -289,6 +309,16 @@ "description": "Secret scanning was enabled for new repositories in your enterprise.", "docs_reference_links": "/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise" }, + { + "action": "business_secret_scanning_non_provider_patterns.disabled", + "description": "Secret scanning for non-provider patterns was disabled at the enterprise level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" + }, + { + "action": "business_secret_scanning_non_provider_patterns.enabled", + "description": "Secret scanning for non-provider patterns was enabled at the enterprise level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" + }, { "action": "business_secret_scanning_push_protection_custom_message.disable", "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for your enterprise.", @@ -399,6 +429,11 @@ "description": "Logs in a check suite were deleted.", "docs_reference_links": "N/A" }, + { + "action": "code.search", + "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/search-github/github-code-search" + }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", @@ -704,6 +739,41 @@ "description": "The GitHub Actions runner application was updated. This event is not included in the JSON/CSV export.", "docs_reference_links": "/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#about-self-hosted-runners" }, + { + "action": "enterprise_team.add_member", + "description": "A new member was added to the enterprise team or an IdP group linked to an enterprise team, or an IdP group was linked to an enterprise team.", + "docs_reference_links": "N/A" + }, + { + "action": "enterprise_team.copilot_assignment", + "description": "A license for GitHub Copilot was assigned to an enterprise team.", + "docs_reference_links": "N/A" + }, + { + "action": "enterprise_team.copilot_unassignment", + "description": "A license for GitHub Copilot was unassigned from an enterprise team.", + "docs_reference_links": "N/A" + }, + { + "action": "enterprise_team.create", + "description": "A new enterprise team was created.", + "docs_reference_links": "N/A" + }, + { + "action": "enterprise_team.destroy", + "description": "An enterprise team was deleted.", + "docs_reference_links": "N/A" + }, + { + "action": "enterprise_team.remove_member", + "description": "A member was removed from the enterprise team or an IdP group linked to an enterprise team, or an IdP group was unlinked from an enterprise team.", + "docs_reference_links": "N/A" + }, + { + "action": "enterprise_team.rename", + "description": "The name of an enterprise team was changed.", + "docs_reference_links": "N/A" + }, { "action": "environment.add_protection_rule", "description": "A GitHub Actions deployment protection rule was created via the API.", @@ -759,6 +829,81 @@ "description": "A GitHub Actions deployment protection rule was updated via the API.", "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules" }, + { + "action": "external_group.add_member", + "description": "A user was added to an external group.", + "docs_reference_links": "N/A" + }, + { + "action": "external_group.delete", + "description": "An external group was deleted.", + "docs_reference_links": "N/A" + }, + { + "action": "external_group.link", + "description": "An external group was linked to a GitHub team.", + "docs_reference_links": "N/A" + }, + { + "action": "external_group.provision", + "description": "An external group was created.", + "docs_reference_links": "N/A" + }, + { + "action": "external_group.remove_member", + "description": "A user was removed from an external group.", + "docs_reference_links": "N/A" + }, + { + "action": "external_group.scim_api_failure", + "description": "Failed external group SCIM API request.", + "docs_reference_links": "/rest/scim/scim" + }, + { + "action": "external_group.scim_api_success", + "description": "Successful external group SCIM API request. Excludes GET API requests.", + "docs_reference_links": "/rest/scim/scim" + }, + { + "action": "external_group.unlink", + "description": "An external group was unlinked to a GitHub team.", + "docs_reference_links": "N/A" + }, + { + "action": "external_group.update", + "description": "An external group was updated.", + "docs_reference_links": "N/A" + }, + { + "action": "external_group.update_display_name", + "description": "An external group's display name was updated.", + "docs_reference_links": "N/A" + }, + { + "action": "external_identity.deprovision", + "description": "An external identity was deprovisioned, suspending the linked GitHub user.", + "docs_reference_links": "N/A" + }, + { + "action": "external_identity.provision", + "description": "An external identity was created and linked to a GitHub user.", + "docs_reference_links": "N/A" + }, + { + "action": "external_identity.scim_api_failure", + "description": "Failed external identity SCIM API request.", + "docs_reference_links": "/rest/scim/scim" + }, + { + "action": "external_identity.scim_api_success", + "description": "Successful external identity SCIM API request. Excludes GET API requests.", + "docs_reference_links": "/rest/scim/scim" + }, + { + "action": "external_identity.update", + "description": "An external identity was updated.", + "docs_reference_links": "N/A" + }, { "action": "git.clone", "description": "A repository was cloned.", @@ -1234,6 +1379,16 @@ "description": "N/A", "docs_reference_links": "N/A" }, + { + "action": "org.code_scanning_autofix_disabled", + "description": "Autofix for code scanning alerts was disabled for an organization.", + "docs_reference_links": "N/A" + }, + { + "action": "org.code_scanning_autofix_enabled", + "description": "Autofix for code scanning alerts was enabled for an organization.", + "docs_reference_links": "N/A" + }, { "action": "org.codeql_disabled", "description": "Code scanning using the default setup was disabled for an organization.", @@ -1494,6 +1649,36 @@ "description": "Changes to a custom pattern were saved and a dry run was executed for secret scanning in an organization.", "docs_reference_links": "/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#editing-a-custom-pattern" }, + { + "action": "org_secret_scanning_non_provider_patterns.disabled", + "description": "Secret scanning for non-provider patterns was disabled at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" + }, + { + "action": "org_secret_scanning_non_provider_patterns.enabled", + "description": "Secret scanning for non-provider patterns was enabled at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.add", + "description": "A role or team was added to the push protection bypass list at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.disable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.enable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.remove", + "description": "A role or team was removed from the push protection bypass list at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, { "action": "org.secret_scanning_push_protection_custom_message_disabled", "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", @@ -2159,31 +2344,21 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, + { + "action": "repo.code_scanning_autofix_disabled", + "description": "Autofix for code scanning alerts was disabled for a repository.", + "docs_reference_links": "N/A" + }, + { + "action": "repo.code_scanning_autofix_enabled", + "description": "Autofix for code scanning alerts was enabled for a repository.", + "docs_reference_links": "N/A" + }, { "action": "repo.code_scanning_configuration_for_branch_deleted", "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch" }, - { - "action": "repo.code_scanning_third_party_tools_disabled", - "description": "N/A", - "docs_reference_links": "N/A" - }, - { - "action": "repo.code_scanning_third_party_tools_enabled", - "description": "N/A", - "docs_reference_links": "N/A" - }, - { - "action": "repo.codeql_advanced_disabled", - "description": "N/A", - "docs_reference_links": "N/A" - }, - { - "action": "repo.codeql_advanced_enabled", - "description": "N/A", - "docs_reference_links": "N/A" - }, { "action": "repo.codeql_disabled", "description": "Code scanning using the default setup was disabled for a repository.", @@ -2194,6 +2369,11 @@ "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" }, + { + "action": "repo.codeql_updated", + "description": "Code scanning using the default setup was updated for a repository.", + "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + }, { "action": "repo.collaborators_only", "description": "N/A", @@ -2604,6 +2784,36 @@ "description": "Secret scanning was enabled for a repository.", "docs_reference_links": "N/A" }, + { + "action": "repository_secret_scanning_non_provider_patterns.disabled", + "description": "Secret scanning for non-provider patterns was disabled at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" + }, + { + "action": "repository_secret_scanning_non_provider_patterns.enabled", + "description": "Secret scanning for non-provider patterns was enabled at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.add", + "description": "A role or team was added to the push protection bypass list at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.disable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.enable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.remove", + "description": "A role or team was removed from the push protection bypass list at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, { "action": "repository_secret_scanning_push_protection.disable", "description": "Secret scanning push protection was disabled for a repository.", @@ -2674,6 +2884,21 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret" }, + { + "action": "secret_scanning_push_protection_request.approve", + "description": "A request to bypass secret scanning push protection was approved by a user.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection" + }, + { + "action": "secret_scanning_push_protection_request.deny", + "description": "A request to bypass secret scanning push protection was denied by a user.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection" + }, + { + "action": "secret_scanning_push_protection_request.request", + "description": "A user requested to bypass secret scanning push protection.", + "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" + }, { "action": "security_key.register", "description": "A security key was registered for an account.", @@ -3144,6 +3369,16 @@ "description": "N/A", "docs_reference_links": "N/A" }, + { + "action": "user_email.confirm_claim", + "description": "An enterprise managed user claimed an email address.", + "docs_reference_links": "N/A" + }, + { + "action": "user_email.mark_as_unclaimed", + "description": "N/A", + "docs_reference_links": "An enterprise managed user unclaimed an email address." + }, { "action": "user.enable_collaborators_only", "description": "N/A", @@ -3404,6 +3639,11 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A" }, + { + "action": "workflows.pin_workflow", + "description": "A workflow was pinned.", + "docs_reference_links": "N/A" + }, { "action": "workflows.prepared_workflow_job", "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", @@ -3418,5 +3658,10 @@ "action": "workflows.rerun_workflow_run", "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs" + }, + { + "action": "workflows.unpin_workflow", + "description": "A workflow was unpinned after previously being pinned.", + "docs_reference_links": "N/A" } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.14/organization.json b/src/audit-logs/data/ghes-3.14/organization.json index e7959eb1ec..4efd1492ca 100644 --- a/src/audit-logs/data/ghes-3.14/organization.json +++ b/src/audit-logs/data/ghes-3.14/organization.json @@ -84,6 +84,11 @@ "description": "Logs in a check suite were deleted.", "docs_reference_links": "N/A" }, + { + "action": "code.search", + "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", + "docs_reference_links": "/search-github/github-code-search" + }, { "action": "codespaces.allow_permissions", "description": "A codespace using custom permissions from its devcontainer.json file was launched.", @@ -234,6 +239,11 @@ "description": "A knowledge base was updated in the organization.", "docs_reference_links": "copilot/github-copilot-enterprise/copilot-chat-in-github/managing-copilot-knowledge-bases" }, + { + "action": "copilot.plan_changed", + "description": "The plan for GitHub Copilot was updated.", + "docs_reference_links": "/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot" + }, { "action": "custom_hosted_runner.create", "description": "N/A", @@ -824,6 +834,21 @@ "description": "A migration file for transferring data from a source location (such as a GitHub.com organization or a GitHub Enterprise Server instance) to a target GitHub Enterprise Server instance was downloaded.", "docs_reference_links": "N/A" }, + { + "action": "network_configuration.create", + "description": "A network configuration for a hosted compute service was created.", + "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products" + }, + { + "action": "network_configuration.delete", + "description": "A network configuration for a hosted compute service was deleted.", + "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products" + }, + { + "action": "network_configuration.update", + "description": "A network configuration for a hosted compute service was updated.", + "docs_reference_links": "/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-networking-for-hosted-compute-products" + }, { "action": "oauth_application.create", "description": "An OAuth application was created.", @@ -969,6 +994,16 @@ "description": "N/A", "docs_reference_links": "N/A" }, + { + "action": "org.code_scanning_autofix_disabled", + "description": "Autofix for code scanning alerts was disabled for an organization.", + "docs_reference_links": "N/A" + }, + { + "action": "org.code_scanning_autofix_enabled", + "description": "Autofix for code scanning alerts was enabled for an organization.", + "docs_reference_links": "N/A" + }, { "action": "org.codeql_disabled", "description": "Code scanning using the default setup was disabled for an organization.", @@ -1429,6 +1464,36 @@ "description": "Generic secrets have been enabled at the organization level", "docs_reference_links": "N/A" }, + { + "action": "org_secret_scanning_non_provider_patterns.disabled", + "description": "Secret scanning for non-provider patterns was disabled at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" + }, + { + "action": "org_secret_scanning_non_provider_patterns.enabled", + "description": "Secret scanning for non-provider patterns was enabled at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.add", + "description": "A role or team was added to the push protection bypass list at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.disable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.enable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, + { + "action": "org_secret_scanning_push_protection_bypass_list.remove", + "description": "A role or team was removed from the push protection bypass list at the organization level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, { "action": "org.secret_scanning_push_protection_custom_message_disabled", "description": "The custom message triggered by an attempted push to a push-protected repository was disabled for an organization.", @@ -2204,31 +2269,21 @@ "description": "Code scanning analysis for a repository was deleted.", "docs_reference_links": "/rest/code-scanning#delete-a-code-scanning-analysis-from-a-repository" }, + { + "action": "repo.code_scanning_autofix_disabled", + "description": "Autofix for code scanning alerts was disabled for a repository.", + "docs_reference_links": "N/A" + }, + { + "action": "repo.code_scanning_autofix_enabled", + "description": "Autofix for code scanning alerts was enabled for a repository.", + "docs_reference_links": "N/A" + }, { "action": "repo.code_scanning_configuration_for_branch_deleted", "description": "A code scanning configuration for a branch of a repository was deleted.", "docs_reference_links": "/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch" }, - { - "action": "repo.code_scanning_third_party_tools_disabled", - "description": "N/A", - "docs_reference_links": "N/A" - }, - { - "action": "repo.code_scanning_third_party_tools_enabled", - "description": "N/A", - "docs_reference_links": "N/A" - }, - { - "action": "repo.codeql_advanced_disabled", - "description": "N/A", - "docs_reference_links": "N/A" - }, - { - "action": "repo.codeql_advanced_enabled", - "description": "N/A", - "docs_reference_links": "N/A" - }, { "action": "repo.codeql_disabled", "description": "Code scanning using the default setup was disabled for a repository.", @@ -2239,6 +2294,11 @@ "description": "Code scanning using the default setup was enabled for a repository.", "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" }, + { + "action": "repo.codeql_updated", + "description": "Code scanning using the default setup was updated for a repository.", + "docs_reference_links": "/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning" + }, { "action": "repo.codespaces_trusted_repo_access_granted", "description": "GitHub Codespaces was granted trusted repository access to this repository.", @@ -2709,6 +2769,36 @@ "description": "Generic secrets have been enabled at the repository level", "docs_reference_links": "N/A" }, + { + "action": "repository_secret_scanning_non_provider_patterns.disabled", + "description": "Secret scanning for non-provider patterns was disabled at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" + }, + { + "action": "repository_secret_scanning_non_provider_patterns.enabled", + "description": "Secret scanning for non-provider patterns was enabled at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/secret-scanning-patterns#non-provider-patterns" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.add", + "description": "A role or team was added to the push protection bypass list at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.disable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Specific roles or teams\" to \"Anyone with write access\" at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.enable", + "description": "Push protection settings for \"Users who can bypass push protection for secret scanning\" changed from \"Anyone with write access\" to \"Specific roles or teams\" at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, + { + "action": "repository_secret_scanning_push_protection_bypass_list.remove", + "description": "A role or team was removed from the push protection bypass list at the repository level.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-delegated-bypass-for-push-protection" + }, { "action": "repository_secret_scanning_push_protection.disable", "description": "Secret scanning push protection was disabled for a repository.", @@ -2879,6 +2969,21 @@ "description": "Triggered when a user bypasses the push protection on a secret detected by secret scanning.", "docs_reference_links": "/code-security/secret-scanning/protecting-pushes-with-secret-scanning#bypassing-push-protection-for-a-secret" }, + { + "action": "secret_scanning_push_protection_request.approve", + "description": "A request to bypass secret scanning push protection was approved by a user.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection" + }, + { + "action": "secret_scanning_push_protection_request.deny", + "description": "A request to bypass secret scanning push protection was denied by a user.", + "docs_reference_links": "/code-security/secret-scanning/push-protection-for-repositories-and-organizations#managing-requests-to-bypass-push-protection" + }, + { + "action": "secret_scanning_push_protection_request.request", + "description": "A user requested to bypass secret scanning push protection.", + "docs_reference_links": "/code-security/secret-scanning/working-with-push-protection#requesting-bypass-privileges-when-working-with-the-command-line" + }, { "action": "sponsors.agreement_sign", "description": "A GitHub Sponsors agreement was signed on behalf of an organization.", @@ -3214,6 +3319,11 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A" }, + { + "action": "workflows.pin_workflow", + "description": "A workflow was pinned.", + "docs_reference_links": "N/A" + }, { "action": "workflows.prepared_workflow_job", "description": "A workflow job was started. Includes the list of secrets that were provided to the job. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", @@ -3228,5 +3338,10 @@ "action": "workflows.rerun_workflow_run", "description": "A workflow run was re-run.", "docs_reference_links": "/actions/managing-workflow-runs/re-running-workflows-and-jobs" + }, + { + "action": "workflows.unpin_workflow", + "description": "A workflow was unpinned after previously being pinned.", + "docs_reference_links": "N/A" } ] \ No newline at end of file diff --git a/src/audit-logs/data/ghes-3.14/user.json b/src/audit-logs/data/ghes-3.14/user.json index 82520f05cb..0bb45c86df 100644 --- a/src/audit-logs/data/ghes-3.14/user.json +++ b/src/audit-logs/data/ghes-3.14/user.json @@ -1639,6 +1639,16 @@ "description": "N/A", "docs_reference_links": "N/A" }, + { + "action": "user_email.confirm_claim", + "description": "An enterprise managed user claimed an email address.", + "docs_reference_links": "N/A" + }, + { + "action": "user_email.mark_as_unclaimed", + "description": "N/A", + "docs_reference_links": "An enterprise managed user unclaimed an email address." + }, { "action": "user.enable_collaborators_only", "description": "N/A", @@ -1844,9 +1854,19 @@ "description": "A workflow was enabled, after previously being disabled by disable_workflow.", "docs_reference_links": "N/A" }, + { + "action": "workflows.pin_workflow", + "description": "A workflow was pinned.", + "docs_reference_links": "N/A" + }, { "action": "workflows.reject_workflow_job", "description": "A workflow job was rejected.", "docs_reference_links": "/actions/managing-workflow-runs/reviewing-deployments" + }, + { + "action": "workflows.unpin_workflow", + "description": "A workflow was unpinned after previously being pinned.", + "docs_reference_links": "N/A" } ] \ No newline at end of file diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json index 795b7030c3..2acd933509 100644 --- a/src/audit-logs/lib/config.json +++ b/src/audit-logs/lib/config.json @@ -3,5 +3,5 @@ "apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.", "apiRequestEvent": "This event is only available via audit log streaming." }, - "sha": "c71e46fe140dc7b1f1ebaad92471dd1abc1942e9" + "sha": "fbace6ef9a52fb210dc8af9ff44d248edb88538c" } \ No newline at end of file