Missing important Audit events in GitLab Premium
Why would someone buy/use GitLab Premium?
Because of these features:
- verify committer (PCI DSS/Finance software security requirement)
- user email check in project profile (like verify committer)
- issue tracker ID present in commit messages (PCI DSS/Finance software security requirement)
So from a Security Officer's point of view: significant events regarding changes to the MAIN PREMIUM features are not present in the project Audit (who changed important project settings, when and why). So this is a major security problem for GL Premium users.
- so a project Administrator can turn off these features
- commit hacked source to GL under another user (git config user.name 'Jhon Doe'; git config user.email 'firstname.lastname@example.org')
- commit something without Issue ID
- switch back settings
Also regarding this security issue: there are no global settings which cannot be overridden in particular projects. So Company rule - commit with Issue ID in any case.
Also missing is a main commit feed/activity (not per project), just to show a PCI DSS Auditor that all commits contain an Issue ID.
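
Added example, not part of the original post and not GitLab code: an independent check over `git log` output that flags commits lacking an issue ID or made under an unknown committer e-mail, so such commits are caught even if the project settings were switched off and back on. The issue-ID pattern, the list of known e-mails and the sample records are assumptions made for illustration.

```python
import re

# Assumptions (not from the original post): Jira-style issue keys such as
# PAY-101, and a list of known user e-mails exported from the GitLab instance.
ISSUE_ID = re.compile(r"\b[A-Z][A-Z0-9]+-\d+\b")
SEP = "\x1f"  # byte emitted by %x1f in the git format string below
KNOWN_EMAILS = {"alice@example.org", "bob@example.org"}

# Real input:  git log --all --format='%H%x1f%an%x1f%ae%x1f%cn%x1f%ce%x1f%s'
# Constructed sample records (hashes, names and subjects are made up).
SAMPLE_LOG = "\n".join(SEP.join(r) for r in [
    ("a1" * 20, "Alice", "alice@example.org",
     "Alice", "alice@example.org", "PAY-101 Add card tokenizer"),
    ("b2" * 20, "Jhon Doe", "firstname.lastname@example.org",
     "Jhon Doe", "firstname.lastname@example.org", "Fix rounding"),
    ("c3" * 20, "Bob", "bob@example.org",
     "Bob", "bob@example.org", "quick fix"),
    ("d4" * 20, "Bob", "bob@example.org",
     "Bob", "bob@example.org", "PAY-102 Rotate API key"),
])


def audit_commits(log_text, known_emails):
    """Return [(sha, [reasons])] for commits that break the company rules."""
    known = {e.lower() for e in known_emails}
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(SEP, 5)  # the subject is last and kept whole
        if len(fields) != 6:
            findings.append((line[:40], ["unparseable record"]))
            continue
        sha, _an, author_email, _cn, committer_email, subject = fields
        reasons = []
        if not ISSUE_ID.search(subject):
            reasons.append("no issue ID in commit subject")
        if committer_email.lower() not in known:
            reasons.append("committer e-mail is not a known user")
        if author_email.lower() != committer_email.lower():
            reasons.append("author and committer e-mail differ")
        if reasons:
            findings.append((sha, reasons))
    return findings


if __name__ == "__main__":
    for sha, reasons in audit_commits(SAMPLE_LOG, KNOWN_EMAILS):
        print(sha[:12], "; ".join(reasons))
```

Run across all repositories, the same function gives the cross-project commit report asked for above. It only inspects the subject line (`%s`), so an issue ID placed in the commit body is reported as missing.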