Add clones and pushes to audit logging (BB-9452)

Issue #8322 open
Marcus Bertrand
staff created an issue

Comments (95)

  1. Tracey Ruark

    +1. This would be extremely useful when we're working with less experience Git users who may or may not understand the commands they are submitting. Having some way of seeing exactly who did exactly what to our repo would be very handy in educating devs on better Git behavior.

  2. Dan Nelson

    +1 - Completely agree with the statements above. Detailed auditing is an absolute necessity; clones, pushes, downloads... anytime the repo is touched, an audit trail should be generated.

  3. IT Team

    Am I right in thinking this was requested 5 years ago?

    It would be a very good feature to settle the minds of less technical management knowing that we know who has our code on what machine and when it was pulled etc.

  4. Jeremy Phillips

    As part of a security team overseeing various tools and services, the lack of this audit logging is making me seriously question future usage of BitBucket. This should have been added a long time ago...

  5. IT Team

    @Jeremy Phillips i couldn't agree more. I'm being asked by compliance and senior management to lock down source code to protect IP... which obviously makes it very difficult for devs (especially remote devs) to work... having this level of functionality would prove to be be priceless in the event of a rouge dev pulling repo's on to machines they shouldn't be!!

  6. Daniel Gray

    +1 This feature is required for auditing and compliance, ensuring that there is visibility into areas where source/IP is pulled, from what IP, by who, and at what time

  7. Vamsi Mandadapu

    as the administrator of the organization, This feature is required for auditing and compliance, ensuring that there is visibility into areas where source/IP is pulled, from what IP source code is cloned username and IP address and network. from which IP complete actions are performed.

    Kindly look this is high priority.

  8. Martin Moreau

    +1 How a basic clone log like this can be missing? This is a required security feature (with IP address) to be able to find suspicious activity! As manager I need a better way to see the read activity on the code, (not only the writing access!)

  9. Anand Kumar

    +1. It would be great to have this facility. Tracking everything is very important for any developer as well as an organization. This applies even for Bitbucket. Hoping to see this made available soon, with back dated tracker too.

  10. Log in to comment