Control freak audit log
Hi,
Bitbucket Server has a great feature where all configuration changes are logged in an audit log, so if anybody changed permissions or controls you can see it. Does Control Freak also log somewhere what changes are made?
I love Control Freak, it now allows us to control everything we need in our VCS flow, but one problem is that we don’t have any logs when settings (either on repository, project or global level) are changed. This is important when auditors come to do an audit for things like SOC assurance and ISO certifications. Without logs, Control Freak cannot be accepted as evidence that certain controls were in place. Because of that there are still some tasks and monitoring that we can’t get rid of, only because we have no easy way of verifying that Control Freak wasn’t tampered with by an admin.
Again, really love Control Freak (and PR-Booster), it added the few missing features for VCS flow control that we really wanted but didn’t exist a few years ago, and it combined controls that we needed three separate add-ons for into one.
Regards,
Marijn van Zon.
Comments (6)
-
repo owner -
repo owner - marked as critical
-
Same with us… security is above everything… should also apply for Bitbucket.
-
repo owner - changed status to resolved
Implemented in version v2020.01.29.
Note: Data Center version is published. Server version held up in marketplace approval queue for now (!?!?) but can be downloaded directly from:
-
reporter Thank you very much Sylvie!! This will help us a lot :).
-
repo owner The audit log will sometimes reference changes to the branch pattern bitmaps (e.g., “User edited commitPolicyJirasOn=Hdpbfhro”). I haven’t updated the docs yet to talk about this. Here’s how to read those bitmaps when they show up in the audit log:
// (H)EAD (default) (d)evelopment, (p)roduction, (b)ugfix, (f)eature, (h)otfix, (r)elease (t)ags, all (o)thers
// (Note: Control Freak does not control tags using bitmaps, so "t" not included in full bitmap).
public final static String FULL_BITMAP = "Hdpbfhro";
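For anyone reviewing these entries as audit evidence, here is an added example (not part of the thread and not Control Freak's own code) that decodes a bitmap from an audit log line and lists the branch types that disappeared between two values of the same setting. It assumes that a letter's presence means the setting covers that branch type and that entries look like the single example quoted above; the function names are hypothetical.

```python
import re

# Letter legend copied from the comment above; order follows FULL_BITMAP.
LEGEND = {
    "H": "HEAD (default)",
    "d": "development",
    "p": "production",
    "b": "bugfix",
    "f": "feature",
    "h": "hotfix",
    "r": "release",
    "o": "all others",
}
FULL_BITMAP = "Hdpbfhro"

# Assumed entry shape, modelled on the one example quoted above.
ENTRY = re.compile(r"edited\s+(?P<key>\w+)\s*=\s*(?P<bitmap>\w*)")


def decode(bitmap):
    """Return the branch types named by a bitmap, in FULL_BITMAP order."""
    unknown = sorted(set(bitmap) - set(FULL_BITMAP))
    if unknown:
        # "t" (tags) lands here too: it is not part of the full bitmap.
        raise ValueError(f"letters not in FULL_BITMAP: {unknown}")
    # Case matters: "H" is HEAD, "h" is hotfix.
    return [LEGEND[c] for c in FULL_BITMAP if c in bitmap]


def parse_entry(line):
    """Extract (setting name, decoded branch types) from one audit log line."""
    m = ENTRY.search(line)
    if m is None:
        raise ValueError("no 'edited key=bitmap' pair in line")
    return m.group("key"), decode(m.group("bitmap"))


def dropped(before, after):
    """Branch types in the earlier bitmap that are absent from the later one."""
    later = set(decode(after))
    return [b for b in decode(before) if b not in later]


if __name__ == "__main__":
    # Constructed sample values, not real log output.
    print(parse_entry("User edited commitPolicyJirasOn=Hdpbfhro"))
    print(dropped("Hdpbfhro", "Hdbfho"))
```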
Marijn van Zon -
Thanks for sticking with us all these years! And this bug report is too kind!
We’ll see what we can do. We’re very occupied right now trying to get Control Freak and Commit graph through the DC certification process, after which we’ll try and tackle this. I think it might be 6-8 weeks, though.