Audit log of private repository downloads


Is it possible to get detailed audit log of downloads (e.g. performed using pull/fetch/clone commands) of private repositories on the GitHub?

Specifically, information identifying user, command used, date & time, and destination URL/IP address will be very useful in identification of any suspicious activity.


@sumit-creates unfortunately the Audit event log API does not include events of Git actions. It is a feature requested by many people, and still nothing on the public roadmap for this.

There are Webhook events for git actions. Not as user friendly, you would need to configure and setup webhook’s and a listener to pick up the http payloads sent to your Webhook listener. You will also need to consider how you wish to handle lost/undelivered messages

Hi Hugh,

Thanks for your prompt and helpful response! Appreciate your suggestion about the Webhook events plus git actions based alternative approach.

Yes, it definitely seems complicated to automate this apparently simple yet important task. It will be great if GitHub makes this more user and automation friendly given that sharing of sensitive data in private repositories mandates active monitoring.

Thanks and best regards,

See these roadmap updates

Thanks Hugh for sharing this very important and relevant information.

Looking forward to try these new additions. It seems from the description that our primary objective of monitoring sensitive information usage will be achieved to a significant extent with the help of mentioned features.

Thanks and best regards,