Add audit events for environment lifecycle operations
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Summary
Recognized by a customer (internal link).
Currently, GitLab does not generate audit events for basic environment lifecycle operations (create, delete, stop, start), creating a significant compliance and security gap for organizations that rely on environment audit trails for governance and automated recovery processes.
Problem
- No audit events are generated when environments are created, deleted, stopped, or started
- Only protected environment configuration changes generate audit events (introduced in GitLab 16.5)
- Organizations cannot track who performed environment lifecycle operations or when they occurred
- Automated systems cannot detect and respond to unauthorized environment changes
Proposed Solution
Add audit events for the following environment operations:
environment_created
environment_deleted
environment_stopped
environment_started
environment_updated
Edited by 🤖 GitLab Bot 🤖