July 1, 2024
Audit logs for Gitpod Enterprise
Gitpod Enterprise customers now have access to audit logs to improve proactive monitoring of development environments for unexpected behaviors or for post-incident forensics or analysis.
Audit logs are stored in a data store within the Gitpod instance for 90 days and can be retrieved via API by users with the “owner” role.
Audit events are also forwarded to application logs. Gitpod Enterprise customers can access application logs directly from CloudWatch.
Gitpod logs audit events for every internal API call which including the following examples:
Workspace start, stop, delete
Update to members of organizations
Changes to organization policy settings
Each audit event includes a unique instance id, timestamp, the API action performed, the actor who performed the action and any arguments. An example:
json{
"id": "1ac75456-ae7d-4233-9914-32d124fa35c3",
"timestamp": "2024-06-24T13:29:36.484Z",
"action": "getTeamProjects",
"organizationId": "3d5e4ee2-7e5f-468f-b027-276a65518784",
"actorId": "e2eb4315-1ce5-4c5b-b1a1-d6a891c08a56",
"args": "[\"3d5e4ee2-7e5f-468f-b027-276a65518784\"]"
}Any breaking changes to audit log actions or arguments will be made with sufficient prior communication to their release.
See the API documentation for more.
Frequently asked questions
Are audit logs available in the dashboard?
Audit logs are only available programmatically either through the API or directly from logs.
Can the audit log retention be configured?
Audit logs are retained within Gitpod for 90 days now. Currently, this value cannot be configured yet!
Are events tracked within the development environment itself?
Gitpod audit logs only apply to the Gitpod platform which includes orchestration and administration of workspaces, but does not extend to actions taken within workspaces.
Do audit logs track changes to environment configurations?
Changes to any organization settings or policies are shown in logs. Changes to the .gitpod.yml definitions are kept in source control history in your SCM.