Skip to content

Add application settings changes to audit events

We have instance-level audit events: https://docs.gitlab.com/ee/administration/audit_events.html#instance-events

These currently don't include changes to application settings. On GitLab.com and our staging environment, there is a sizeable group of people who can change these settings. Mostly they don't do that, but if they did, it could have a considerable impact.

In gitlab-com/gl-infra/production#3010 (comment 445838346) for instance, we noticed a setting was different in staging compared to production. We don't know:

  1. Why it was different.
  2. When it was changed.
  3. Who changed it.

An audit log can't answer the first question, but it can answer the second two, which would already be a huge help. It would also let us auto-create review issues every time we change a setting, to validate that we had the appropriate change issue in place to do so.