Update audit log event data (#58797)

docs-bot · sophietheking · web-flow · commit a655b69ef7e4 · 2025-12-11T09:59:25.000Z
Co-authored-by: Sophie &lt;29382425+sophietheking@users.noreply.github.com&gt;
diff --git a/src/audit-logs/data/ghec/enterprise.json b/src/audit-logs/data/ghec/enterprise.json
@@ -3570,23 +3570,6 @@
     ],
     "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning"
   },
-  {
-    "action": "code.search",
-    "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
-    "docs_reference_links": "/search-github/github-code-search",
-    "fields": [
-      "@timestamp",
-      "action",
-      "actor_id",
-      "business_id",
-      "query",
-      "org_id",
-      "user_id",
-      "_document_id",
-      "search_string"
-    ],
-    "docs_reference_titles": "/search-github/github-code-search"
-  },
   {
     "action": "codespaces.allow_permissions",
     "description": "A codespace using custom permissions from its devcontainer.json file was launched.",
diff --git a/src/audit-logs/data/ghes-3.14/enterprise.json b/src/audit-logs/data/ghes-3.14/enterprise.json
@@ -1831,23 +1831,6 @@
       "programmatic_access_type"
     ]
   },
-  {
-    "action": "code.search",
-    "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
-    "docs_reference_links": "/search-github/github-code-search",
-    "fields": [
-      "@timestamp",
-      "action",
-      "actor_id",
-      "business_id",
-      "query",
-      "org_id",
-      "user_id",
-      "_document_id",
-      "search_string"
-    ],
-    "docs_reference_titles": "/search-github/github-code-search"
-  },
   {
     "action": "codespaces.allow_permissions",
     "description": "A codespace using custom permissions from its devcontainer.json file was launched.",
diff --git a/src/audit-logs/data/ghes-3.14/organization.json b/src/audit-logs/data/ghes-3.14/organization.json
@@ -362,23 +362,6 @@
       "programmatic_access_type"
     ]
   },
-  {
-    "action": "code.search",
-    "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
-    "docs_reference_links": "/search-github/github-code-search",
-    "fields": [
-      "@timestamp",
-      "action",
-      "actor_id",
-      "business_id",
-      "query",
-      "org_id",
-      "user_id",
-      "_document_id",
-      "search_string"
-    ],
-    "docs_reference_titles": "/search-github/github-code-search"
-  },
   {
     "action": "codespaces.allow_permissions",
     "description": "A codespace using custom permissions from its devcontainer.json file was launched.",
diff --git a/src/audit-logs/data/ghes-3.15/enterprise.json b/src/audit-logs/data/ghes-3.15/enterprise.json
@@ -1831,23 +1831,6 @@
       "programmatic_access_type"
     ]
   },
-  {
-    "action": "code.search",
-    "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
-    "docs_reference_links": "/search-github/github-code-search",
-    "fields": [
-      "@timestamp",
-      "action",
-      "actor_id",
-      "business_id",
-      "query",
-      "org_id",
-      "user_id",
-      "_document_id",
-      "search_string"
-    ],
-    "docs_reference_titles": "/search-github/github-code-search"
-  },
   {
     "action": "codespaces.allow_permissions",
     "description": "A codespace using custom permissions from its devcontainer.json file was launched.",
diff --git a/src/audit-logs/data/ghes-3.16/enterprise.json b/src/audit-logs/data/ghes-3.16/enterprise.json
@@ -2064,23 +2064,6 @@
     ],
     "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning"
   },
-  {
-    "action": "code.search",
-    "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
-    "docs_reference_links": "/search-github/github-code-search",
-    "fields": [
-      "@timestamp",
-      "action",
-      "actor_id",
-      "business_id",
-      "query",
-      "org_id",
-      "user_id",
-      "_document_id",
-      "search_string"
-    ],
-    "docs_reference_titles": "/search-github/github-code-search"
-  },
   {
     "action": "codespaces.allow_permissions",
     "description": "A codespace using custom permissions from its devcontainer.json file was launched.",
diff --git a/src/audit-logs/data/ghes-3.17/enterprise.json b/src/audit-logs/data/ghes-3.17/enterprise.json
@@ -2173,23 +2173,6 @@
     ],
     "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning"
   },
-  {
-    "action": "code.search",
-    "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
-    "docs_reference_links": "/search-github/github-code-search",
-    "fields": [
-      "@timestamp",
-      "action",
-      "actor_id",
-      "business_id",
-      "query",
-      "org_id",
-      "user_id",
-      "_document_id",
-      "search_string"
-    ],
-    "docs_reference_titles": "/search-github/github-code-search"
-  },
   {
     "action": "codespaces.allow_permissions",
     "description": "A codespace using custom permissions from its devcontainer.json file was launched.",
diff --git a/src/audit-logs/data/ghes-3.18/enterprise.json b/src/audit-logs/data/ghes-3.18/enterprise.json
@@ -2173,23 +2173,6 @@
     ],
     "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning"
   },
-  {
-    "action": "code.search",
-    "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
-    "docs_reference_links": "/search-github/github-code-search",
-    "fields": [
-      "@timestamp",
-      "action",
-      "actor_id",
-      "business_id",
-      "query",
-      "org_id",
-      "user_id",
-      "_document_id",
-      "search_string"
-    ],
-    "docs_reference_titles": "/search-github/github-code-search"
-  },
   {
     "action": "codespaces.allow_permissions",
     "description": "A codespace using custom permissions from its devcontainer.json file was launched.",
diff --git a/src/audit-logs/data/ghes-3.19/enterprise.json b/src/audit-logs/data/ghes-3.19/enterprise.json
@@ -2366,23 +2366,6 @@
     ],
     "docs_reference_titles": "/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning"
   },
-  {
-    "action": "code.search",
-    "description": "A code search was run targeting an organization. This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
-    "docs_reference_links": "/search-github/github-code-search",
-    "fields": [
-      "@timestamp",
-      "action",
-      "actor_id",
-      "business_id",
-      "query",
-      "org_id",
-      "user_id",
-      "_document_id",
-      "search_string"
-    ],
-    "docs_reference_titles": "/search-github/github-code-search"
-  },
   {
     "action": "codespaces.allow_permissions",
     "description": "A codespace using custom permissions from its devcontainer.json file was launched.",
diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json
@@ -9,5 +9,5 @@
     "git": "Note: Git events have special access requirements and retention policies that differ from other audit log events. For GitHub Enterprise Cloud, access Git events via the REST API only with 7-day retention. For GitHub Enterprise Server, Git events must be enabled in audit log configuration and are not included in search results.",
     "sso_redirect": "Note: Automatically redirecting users to sign in is currently in beta for Enterprise Managed Users and subject to change."
   },
-  "sha": "8efd989592ccb44cd746d9715ae6a69c87a8af8d"
+  "sha": "c0e079a256a9934069dee8b935190467e5fa3a5c"
 }

Original file line number	Diff line number	Diff line change
`@@ -9,5 +9,5 @@`
`9`	`9`	`"git": "Note: Git events have special access requirements and retention policies that differ from other audit log events. For GitHub Enterprise Cloud, access Git events via the REST API only with 7-day retention. For GitHub Enterprise Server, Git events must be enabled in audit log configuration and are not included in search results.",`
`10`	`10`	`"sso_redirect": "Note: Automatically redirecting users to sign in is currently in beta for Enterprise Managed Users and subject to change."`
`11`	`11`	`},`
`12`		`- "sha": "8efd989592ccb44cd746d9715ae6a69c87a8af8d"`
	`12`	`+ "sha": "c0e079a256a9934069dee8b935190467e5fa3a5c"`
`13`	`13`	`}`