Open timReynolds opened 6 years ago
Thanks for the feedback Tim. What kind of things would you want to see in that audit log?
Mostly created and auto merged PRs. I think the most value is in the auto merged PRs
Interesting. For created it's possible to construct a GitHub PR filter like this one for all PRs created for alphagov. Merges is trickier - I can't find any docs on filtering PRs by who merged them, and I'm not having any joy experimenting with it. There's the GitHub API, of course, but that's a bunch less convenient.
I'll keep this in mind. I can see how adding a "Event history" section to the account drop-down could be useful.
To extend on that request, I wish we had people's action audit log as well, our org is kinda big so it would be nice to know:
Example:
+1 to @cabello's request. If an application gets disabled/edited by any user in the org - we'd want a notification of some sort.
Currently, anyone in the org can do this, which I find confusing from a security perspective.
Still relevant. Bump
As an update on this, currently enablement of Dependabot Security Alerts is tracked in the GitHub audit log, but not enablement of Security or Version updates.
I agree it makes sense to add support for this, although may not get prioritized for a while.
It would be great to see an audit log or event history in the dashboard allowing users to understand the actions taken by the bot.