Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-19412

Audit log for Git operations (clone, pull, push)

XMLWordPrintable

    • 1
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      In order to be able to monitor behavioral aspects of integrations (SSH Keys, API keys & installed apps), an audit log for git activity (clone, push, pull) is necessary (similar to what is available on GitHub)

      The metadata useful for our behavioral analysis -

      • The organization an action was performed in
      • The user (actor) who performed the action
      • The user affected by the action
      • Which repository an action was performed in
      • The action that was performed
      • Which country the action took place in
      • The date and time the action occurred
      • IP & UA that performed the action

      We have customers that we support which expect this feature

            [BSERV-19412] Audit log for Git operations (clone, pull, push)

            Tomer Gandler added a comment -

            Example of GitHub's git operations in the Git Audit Log here

            Tomer Gandler added a comment - Example of GitHub's git operations in the Git Audit Log here

            Tomer Gandler added a comment - - edited

            Additional context - 

            The lack of an audit log API renders them not usable, and has a very negative effect on the ability to provide breach alerts.

            There is no way to learn of suspicious activity in the workspace.

            Workato is one of our customers that is affected by this issue as we cannot provide sufficient monitoring for their Bitbucket workspace. 

            Tomer Gandler added a comment - - edited Additional context -  The lack of an audit log API renders them not usable, and has a very negative effect on the ability to provide breach alerts. There is no way to learn of suspicious activity in the workspace. Workato is one of our customers that is affected by this issue as we cannot provide sufficient monitoring for their Bitbucket workspace. 

              Unassigned Unassigned
              ae69a804f542 Tomer Gandler
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: