Add audit event when SPP is enabled/disabled for a group via API
Overview
To keep security teams and administrators informed, and to ensure they have visibility into the behavior of Secret Push Protection, we should create an audit event every time one of the APIs created in #502827 (closed) or #502828 (closed) is called.
Proposal
Below is a proposal of what could be done to achieve this task.
- Create a new audit event when either one of the APIs is called.
Requirements
- Audit event should include the parent group ID.
- Audit event message should include:
  - "Secret push protection has been enabled for group X and all of its inherited groups/projects"
- Audit event should include the user and the action taken (i.e. `enable` vs. `disable`).
Edited by Ahmed Hemdan