Audit events for project access tokens
2@@ -22,6 +22,8 @@ def execute
@@ -58,6 +60,10 @@ def find_member
Related issue: #230007 (closed)
Add app and audit events for project access token creation and revocation.
App logs can be found in application.log and look like this:
Audit events are available in EE and can be found in Project > Security & Compliance > Audit Events:
Edit: Successful token creation audit event message now includes the access token's scopes:
In the screenshot:
- token-scopes has api, read_api, read_repository, and write_repository checked
- no-scope has none of the boxes checked
- api-token has api checked
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
@gitlab-com/gl-security/appsec