Query: branch_protection_policy_overridden

select
  tp_timestamp as timestamp,
  action as operation,
  concat(
    'https://github.com/',
    repo,
    '/commit/',
    additional_fields ->> 'after'
  ) as resource,
  actor,
  tp_source_ip as source_ip,
  tp_index as organization,
  split_part(repo, '/', 2) as repository,
  tp_id as source_id,
  * exclude (actor, timestamp)
from
  github_audit_log
where
  action = 'protected_branch.policy_override'
order by
  tp_timestamp desc;