Arnica Documentation
  • Introduction
  • Getting Started
    • 🔑Sign Up
    • ▶️SCM Integrations
      • Azure DevOps
      • Bitbucket Cloud
      • Bitbucket Server & Datacenter
      • Github
        • GitHub Audit Logs
        • Github App Permissions
      • Gitlab
    • 📤ChatOps
      • Microsoft Teams
      • Slack
        • Adding Arnica to a New Channel
        • Interacting With the Arnica Slackbot
    • 🎫Ticket Management
      • 🐛Jira Integration
      • 📋ADO Boards Integration
    • 🧠Artificial Intelligence
      • Azure OpenAI
      • OpenAI ChatGPT
    • 🏨On Premise Integrations
  • Inventory
    • 💼Identities, Repositories & Organizations
    • 📇Software Bill of Materials (SBOM)
    • 🦄Prioritization & Product Ownership
  • Hardcoded Secrets
    • 🕵️Secret Detection
    • ⏪Realtime Secret Mitigation
    • 🥕Secrets Policy Settings
  • Code Risks
    • 🎼Static Application Security Testing (SAST)
      • Custom SAST Rules
    • 🧩Software Composition Analysis (SCA)
    • 🔡3rd Party Package Licenses
      • Override License Classifications
    • 🤹3rd Party Package Reputation
      • Identifying Low Rep Packages
      • How to Find Alternative Packages
    • ⛅Infrastructure as Code Security (IaC)
    • 🤖Code Risk Policy Settings
      • Developer Feedback On Push
      • Require Review Before Dismissal
      • 0 New High Severity Vulnerabilities
      • Enforce Remediation SLA
    • 🪄Code Risk Magic Links
    • 📦Code Risk Language and Framework Support
  • Platform Operations
    • 🚪Joining an Existing Org
    • ❌Deleting a Tenant
    • 🫂How do I invite members to my tenant?
      • New User Invitations
    • 👥Users & Roles
    • 🔇Deleting Integrations
    • ⌛Scheduled Jobs
      • How often do Jobs run?
    • 💸Billing
  • Security
    • 🎮Role Based Access Control (RBAC)
    • 🛡️Data Handling
    • 🏛️SSO Integration
      • Okta Integration
      • Entra ID Integration
Powered by GitBook
On this page
  • Overview
  • Export Audit Log
  • Upload the file to Arnica

Was this helpful?

  1. Getting Started
  2. SCM Integrations
  3. Github

GitHub Audit Logs

This article explains how to extract the Audit Log from GitHub for organizations without enterprise plan and import into Arnica

PreviousGithubNextGithub App Permissions

Last updated 1 year ago

Was this helpful?

Overview

The assessment of excessive permissions to GitHub requires full visibility into all activity in the organization. However, the GitHub Audit API is .

Follow the steps in this article to get the full benefits of organization with an enterprise plan.

Export Audit Log

  1. Navigate to the following audit trail page by replacing your organization name with ORG_SLUG: https://github.com/organizations/ORG_SLUG/settings/audit-log. If you have access to the organization's audit log, the top of the page should be similar to the screenshot below.

Otherwise, if you are not authorized, a page with the status code 404 will appear instead. In this case, ask an authorized user in your organization to follow this article.

  1. Click on Export and select the JSON export format. It may take a few seconds to generate the file and download it.

Upload the file to Arnica

The file upload functionality is visible only if at least one GitHub organization with a non-enterprise plan is integrated.

The message below is presented in the Risks and Inventory pages if the last event is older than 7 days.

Audit logs can be added from the Integrations page under the Admin section.

▶️
available only for organizations with enterprise plan