GraphQL Auditlog API to query branch protection update

We want to run a query to check if administrator has changed a branch protection rule, in particular the 'Include administrators" setting.

Github audit log entry has the data -> the update_admin_enforce action.

however I can not find any union or object in GraphQL documentation can get that.

Is there any way to get that audit log entry ??

Hi @ecsk,
I also tried using the GraphQL Audit Log API to monitor significant auditable events only to find it supports a very limited subset of events you can view or export through the user browser interface.

The stock answer you get is your feedback has been added to an internal issue tracking customer feedback regarding the addition of these missing event types to the Audit Entry interface.

The limited set of events/interfaces are here

Broadly described in the documentatuon as

  • Access to your organization or repository settings.
  • Changes in permissions.
  • Added or removed users in an organization, repository, or team.
  • Users being promoted to admin.
  • Changes to permissions of a GitHub App.

Suggest you you add you feedback rust as well.

The documentation says you can use the API to ensure a secure IP and compliance and also keep copies of your audit log data.
You clearly cannot use it get a copy of you your audit log data juat the limited subset of data.

I have the same feeling,
Suggestion in this post What is the best way to acquire AuditLog in organization? is to dump all audit entries in a period.

However, the sample query in that post only gives limited audit entries, not everything as shown in web UI.

@ecsk
There is no programatic way of dumping ALL audit log entries (viewable through the browser interface) via an API in its entirety or for a time range.
The export feature of the user interface is not an API either.

To get the most compete coverage of events you may need to you are stuck with A) Querying API for everything you can get from there
B) Also configuring Organization Webhook for all events there as well
or any subset of events you want from API or Webhook .
The webhook’s however has unwanted complexity as they are not an assured delivery mechanism, and required a lot of effort to put something in place to reduce the risk of lost events.

In the article you linked above I signposted two public roadmap features related to these areas Beta for Git events in Audit Log 4Q 2020 and additional reliability features for Webhooks in Q1 2021 (although this Webhook reliability will require even more development to leverage)