Log Git push actions
Problem to solve
As a GitLab administrator, I need to know who is modifying Git data and when, so that I can respond to security incidents effectively and proactively identify suspicious activity. At the moment I have no easy way of doing this.
GitLab should include Git push actions in the audit logs.
Administrator of the GitLab instance and/or Security and Compliance officers.
It should be possible for a user of GitLab to have a central, auditable trail of all write actions to a Git repository for analysis and investigation.
Extending the audit events GitLab already supports, whenever a Git push occurs, via the web interface, the API or directly over Git, we should log:
- user who initiated the push
- whether it was a force push (bool)
- the ref (branch or tag) pushed to
- the SHA hashes from before and after the operation
- the protocol used to push (HTTP, SSH): https://gitlab.com/gitlab-org/gitlab-ee/issues/11811
- the originating IP address: https://gitlab.com/gitlab-org/gitlab-ee/issues/11809
- the Git client used to push (the agent advertised in the transfer protocol, I think: https://git-scm.com/book/en/v2/Git-Internals-Transfer-Protocols): https://gitlab.com/gitlab-org/gitlab-ee/issues/11810
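As an added example (not from this issue or from GitLab's own code), a small reviewer that reads audit events carrying the fields proposed above, one JSON object per line, and flags force pushes and ref deletions on protected refs. The JSON field names, the sample events and the protected-ref patterns are assumptions made for the example; only the all-zero SHA denoting ref creation or deletion is standard Git behaviour.

```python
import json
import re

# Git reports the all-zero SHA as "before" on ref creation and as "after" on ref deletion.
NULL_SHA = "0" * 40

# Constructed sample audit events; field names are an assumption, not GitLab's actual schema.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"user": "alice", "force_push": False, "ref": "refs/heads/feature-x",
     "before_sha": "a" * 40, "after_sha": "b" * 40, "protocol": "ssh",
     "ip": "10.0.0.5", "client": "git/2.24.0"},
    {"user": "bob", "force_push": True, "ref": "refs/heads/master",
     "before_sha": "c" * 40, "after_sha": "d" * 40, "protocol": "http",
     "ip": "203.0.113.7", "client": "git/2.20.1"},
    {"user": "carol", "force_push": False, "ref": "refs/tags/v1.0.0",
     "before_sha": "e" * 40, "after_sha": NULL_SHA, "protocol": "ssh",
     "ip": "10.0.0.9", "client": "git/2.24.0"},
])

# Refs whose history should never be rewritten or removed without review (assumed policy).
PROTECTED_REFS = [re.compile(r"^refs/heads/(master|main|release/.*)$"),
                  re.compile(r"^refs/tags/v\d+\.\d+\.\d+$")]

def is_protected(ref):
    return any(p.match(ref) for p in PROTECTED_REFS)

def review_push_events(lines):
    """Return (reason, event) pairs for destructive pushes to protected refs."""
    findings = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if not is_protected(ev["ref"]):
            continue
        if ev["after_sha"] == NULL_SHA:
            findings.append(("ref deleted", ev))
        elif ev["force_push"] and ev["before_sha"] != NULL_SHA:
            # A force push onto a ref that already existed means history was rewritten.
            findings.append(("history rewritten by force push", ev))
    return findings

if __name__ == "__main__":
    for reason, ev in review_push_events(SAMPLE_EVENTS):
        print(f"{reason}: {ev['user']} -> {ev['ref']} from {ev['ip']} "
              f"via {ev['protocol']} ({ev['client']})")
```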
Permissions and Security
Access should be consistent with existing Audit Events permissions.
Update the https://docs.gitlab.com/ee/administration/audit_events.html docs to add push events.
What does success look like, and how can we measure that?
What is the type of buyer?
Customers interested in this feature: