Audit events for project access tokens
All threads resolved!
All threads resolved!
Compare changes
- Serena Fang authored
@@ -100,6 +100,8 @@ From there, you can see the following actions:
Related issue: #230007 (closed)
Add app and audit events for project access token creation and revocation.
App logs can be found in application.log
and look like this:
Audit events are available in EE and can be found in Project > Security & Compliance > Audit Events:
Edit: Successful token creation audit event message now includes the access token's scopes:
In the screenshot,
token-scopes
has api
, read_api
, read_repository
, and write_repository
checked
no-scope
has none of the boxes checked
api-token
has api
checked
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
@gitlab-com/gl-security/appsec