Skip to content

Do not create audit event for failed logins on read-only DB

What does this MR do?

Do not create audit events for failed logins on a read-only database.

Does this MR meet the acceptance criteria?


Availability and Testing


Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related issue

Related to #335232 (closed)

Edited by Douglas Barbosa Alexandre

Merge request reports