llvm / llvm-iwg

The LLVM Infrastructure Working Group
https://foundation.llvm.org/docs/infrastructure-wg/

Security: Figure out if there is an audit trail for actions triggered by a GitHub runner token #77

Open ChristianKuehnel opened 2 years ago

ChristianKuehnel commented 2 years ago

Based on the discussion in #66: Is there an audit trail for actions on GitHub triggered via a stolen GitHub runner token? Can we somehow figure out what an attacker has done with that token?

badenh commented 2 years ago

There is an audit log function on GitHub Enterprise that allows per-token action tracing. I don't think it's available on the non-ent version, which in some ways seems strange. I have access to both types of environments; if it's still relevant, I can look into it.