Integrate deployment approval and approval rule changes into audit events

Release notes

Deployments in regulated industries are a central topic of compliance. While GitLab offered various audit events, deployment approvals were not part of the audited events, leaving it hard to show if and when approval rules changed. GitLab now ships with a new set of audit events on deployment approval and approval rule changes. These events fire when deployment approval rules are changed or when approval rules on protected environments are changed.

Summary

The audit_event API does not contain deployment approvals and does not contain changes to approval rules for protected environments (e.g. if an approval rule is removed, this is not logged). This information is required for audit and compliance purposes. I am working with a large customer who is required to store this information for 12 months.

Background

We added the Audit Event for Protected Environments in #216164 (closed); however, it seems we forgot to support the update path (ProtectedEnvironments::UpdateService). Create and Delete are already logged.

Proposal

We can introduce logic similar to the Feature Flag update process in ProtectedEnvironments::UpdateService.

Edited by Viktor Nagy (GitLab)