Audit event types
DETAILS: Tier: Premium, Ultimate Offering: GitLab.com, Self-managed, GitLab Dedicated
Audit event types are used to filter streamed audit events:
Every audit event is associated with an event type. Audit event types can allow audit events to be:
- Saved to the database. Available in the Premium and Ultimate tier. You can retrieve audit events associated with these types by using the audit events dashboard or the audit events API.
- Streamed to external destinations. Available in the Ultimate tier. You can stream audit events associated with these types to external destinations if a destination is set.
Some audit event types don't allow saving audit events to the database. Other audit event types don't allow streaming audit events to external destinations.
An audit event type's scope limits the availability of the audit event type to either:
- Project, group, or user audit events.
- Instance audit events.
Available audit event types
Audit event types belong to the following product categories.
Ai framework
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
duo_features_enabled_updated |
GitLab Duo Features enabled setting on group or project changed | {check-circle} Yes | {check-circle} Yes | GitLab 16.10 | Group, Project |
Audit events
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
amazon_s3_configuration_created |
Triggered when Amazon S3 configuration for audit events streaming is created | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Group |
amazon_s3_configuration_deleted |
Triggered when Amazon S3 configuration for audit events streaming is deleted. | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Group |
amazon_s3_configuration_updated |
Triggered when Amazon S3 configuration for audit events streaming is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Group |
audit_events_streaming_headers_create |
Triggered when a streaming header for audit events is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.3 | Group |
audit_events_streaming_headers_destroy |
Triggered when a streaming header for audit events is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 15.3 | Group |
audit_events_streaming_instance_headers_create |
Triggered when a streaming header for instance level external audit event destination is created | {check-circle} Yes | {check-circle} Yes | GitLab 16.3 | Instance |
audit_events_streaming_instance_headers_destroy |
Triggered when a streaming header for instance level external audit event destination is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 16.3 | Instance |
audit_events_streaming_instance_headers_update |
Triggered when a streaming header for instance level external audit event destination is updated | {check-circle} Yes | {check-circle} Yes | GitLab 16.3 | Instance |
create_event_streaming_destination |
Event triggered when an external audit event destination is created | {check-circle} Yes | {check-circle} Yes | GitLab 14.6 | Group |
create_http_namespace_filter |
Event triggered when a namespace filter for an external audit event destination for a top-level group is created. | {check-circle} Yes | {check-circle} Yes | GitLab 16.6 | Group |
create_instance_event_streaming_destination |
Event triggered when an instance level external audit event destination is created | {check-circle} Yes | {check-circle} Yes | GitLab 16.2 | Instance |
created_group_audit_event_streaming_destination |
Event triggered when an external audit event destination for a top-level group is created. | {check-circle} Yes | {check-circle} Yes | GitLab 16.11 | Group |
created_group_namespace_filter |
Event triggered when a namespace filter for an external audit event destination for a top-level group is created. | {check-circle} Yes | {check-circle} Yes | GitLab 17.0 | Group |
created_instance_audit_event_streaming_destination |
Event triggered when an external audit event destination for a GitLab instance is created. | {check-circle} Yes | {check-circle} Yes | GitLab 16.11 | Instance |
created_instance_namespace_filter |
Event triggered when a namespace filter for an external audit event destination for an instance is created. | {check-circle} Yes | {check-circle} Yes | GitLab 17.2 | Instance |
delete_http_namespace_filter |
Event triggered when a namespace filter for an external audit event destination for a top-level group is deleted. | {check-circle} Yes | {check-circle} Yes | GitLab 16.7 | Group |
deleted_group_audit_event_streaming_destination |
Event triggered when an external audit event destination for a top-level group is deleted. | {check-circle} Yes | {check-circle} Yes | GitLab 16.11 | Group |
deleted_group_namespace_filter |
Event triggered when a namespace filter for an external audit event destination for a top-level group is deleted. | {check-circle} Yes | {check-circle} Yes | GitLab 17.0 | Group |
deleted_instance_audit_event_streaming_destination |
Event triggered when an external audit event destination for a GitLab instance is deleted. | {check-circle} Yes | {check-circle} Yes | GitLab 16.11 | Instance |
deleted_instance_namespace_filter |
Event triggered when a namespace filter for an external audit event destination for an instance is deleted. | {check-circle} Yes | {check-circle} Yes | GitLab 17.2 | Instance |
destroy_event_streaming_destination |
Event triggered when an external audit event destination is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 14.6 | Group |
destroy_instance_event_streaming_destination |
Event triggered when an instance level external audit event destination is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 16.2 | Instance |
event_type_filters_created |
Event triggered when a new audit events streaming event type filter is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.10 | Group |
event_type_filters_deleted |
Event triggered when audit events streaming event type filters are deleted | {check-circle} Yes | {check-circle} Yes | GitLab 15.10 | Group |
google_cloud_logging_configuration_created |
Triggered when Google Cloud Logging configuration is created | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Group |
google_cloud_logging_configuration_deleted |
Triggered when Google Cloud Logging configuration is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Group |
google_cloud_logging_configuration_updated |
Triggered when Google Cloud Logging configuration is updated | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Group |
instance_amazon_s3_configuration_created |
Triggered when instance Amazon S3 configuration for audit events streaming is created | {check-circle} Yes | {check-circle} Yes | GitLab 16.7 | Instance |
instance_amazon_s3_configuration_deleted |
Triggered when instance-level Amazon S3 configuration for audit events streaming is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 16.7 | Instance |
instance_amazon_s3_configuration_updated |
Triggered when instance-level Amazon S3 configuration for audit events streaming is updated | {check-circle} Yes | {check-circle} Yes | GitLab 16.7 | Instance |
instance_google_cloud_logging_configuration_created |
Triggered when Instance level Google Cloud Logging configuration is created | {check-circle} Yes | {check-circle} Yes | GitLab 16.4 | Instance |
instance_google_cloud_logging_configuration_deleted |
Triggered when instance level Google Cloud Logging configuration is deleted. | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Instance |
instance_google_cloud_logging_configuration_updated |
Triggered when instance level Google Cloud Logging configuration is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Instance |
update_event_streaming_destination |
Event triggered when an external audit event destination is updated | {check-circle} Yes | {check-circle} Yes | GitLab 14.6 | Group |
update_instance_event_streaming_destination |
Event triggered when an instance level external audit event destination is updated | {check-circle} Yes | {check-circle} Yes | GitLab 16.2 | Instance |
updated_group_audit_event_streaming_destination |
Event triggered when an external audit event destination for a top-level group is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 16.11 | Group |
updated_instance_audit_event_streaming_destination |
Event triggered when an external audit event destination for a GitLab instance is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 16.11 | Instance |
Build artifacts
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
job_artifact_downloaded |
Triggered when a user download a job artifact from a project | {dotted-circle} No | {check-circle} Yes | GitLab 16.8 | Project |
Code review
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
delete_merge_request |
Event triggered on successful merge request deletion | {dotted-circle} No | {check-circle} Yes | GitLab 15.4 | Project |
Code review workflow
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
merge_request_approval_operation |
Audit event triggered when a merge request is approved | {dotted-circle} No | {check-circle} Yes | GitLab 15.3 | Project |
merge_request_closed_by_project_bot |
Triggered when a merge request is closed using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
merge_request_created_by_project_bot |
Triggered when a merge request is created using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
merge_request_invalid_approver_rules |
Audit event triggered for an invalid rule when merge request is approved | {check-circle} Yes | {check-circle} Yes | GitLab 15.5 | Project |
merge_request_merged_by_project_bot |
Triggered when a merge request is merged using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
merge_request_reopened_by_project_bot |
Triggered when a merge request is reopened using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
project_merge_requests_template_updated |
Whenever a MR template is updated for a project, this audit event is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.0 | Project |
project_remove_source_branch_after_merge_updated |
Create this audit event whenever a project has its setting to remove branches after merges modified | {check-circle} Yes | {check-circle} Yes | GitLab 14.10 | Project |
project_reset_approvals_on_push_updated |
Create this audit event whenever a project has its setting on whether approvals are reset on a push is updated | {check-circle} Yes | {check-circle} Yes | GitLab 14.2 | Project |
selective_code_owner_removals_updated |
Event triggered when selective code owner removal is updated | {check-circle} Yes | {check-circle} Yes | GitLab 17.0 | Project |
Code suggestions
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
project_suggestion_commit_message_updated |
Create this audit event whenever a project has its suggested commit message updated | {check-circle} Yes | {check-circle} Yes | GitLab 14.10 | Project |
Compliance management
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
add_gpg_key |
Event triggered when a GPG Key is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | User |
allow_author_approval_updated |
Event triggered on updating prevent merge request approval from authors from group merge request setting | {check-circle} Yes | {check-circle} Yes | GitLab 15.6 | Group |
allow_committer_approval_updated |
Event triggered on updating prevent merge request approval from committers from group merge request setting | {check-circle} Yes | {check-circle} Yes | GitLab 15.6 | Group |
allow_overrides_to_approver_list_per_merge_request_updated |
Event triggered on updating prevent users from modifying MR approval rules in merge requests from group merge request setting | {check-circle} Yes | {check-circle} Yes | GitLab 15.6 | Group |
audit_events_streaming_headers_update |
Triggered when a streaming header for audit events is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.3 | Group |
compliance_framework_added |
Triggered when a framework label is added to a project. | {check-circle} Yes | {check-circle} Yes | GitLab 17.2 | Project |
compliance_framework_deleted |
Triggered when a framework gets removed from a project | {check-circle} Yes | {check-circle} Yes | GitLab 14.1 | Project |
compliance_framework_id_updated |
audit when compliance framework ID is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
compliance_framework_removed |
Triggered when a framework label is removed from a project. | {check-circle} Yes | {check-circle} Yes | GitLab 17.2 | Project |
create_compliance_framework |
Triggered on successful compliance framework creation | {check-circle} Yes | {check-circle} Yes | GitLab 14.6 | Group |
create_status_check |
Event triggered when an external status check is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Project |
delete_status_check |
Event triggered when an external status check is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Project |
destroy_compliance_framework |
Triggered on successful compliance framework deletion | {check-circle} Yes | {check-circle} Yes | GitLab 14.6 | Group |
email_created |
Event triggered when an email is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | User |
email_destroyed |
Event triggered when an email is destroyed | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | User |
external_status_check_name_updated |
Event triggered on updating name of a external status check | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
external_status_check_url_updated |
Whenever the URL that is used for external status checks for a pipeline is updated, this audit event is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.0 | Project |
group_deletion_marked |
Event triggered when a group is marked for deletion. | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | Group |
group_destroyed |
Event triggered when a group is destroyed. | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | Group |
group_restored |
Event triggered when a group is restored. | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | Group |
group_saml_provider_create |
Event triggered when a group SAML provider is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Group |
group_saml_provider_update |
Event triggered when a group SAML provider is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Group |
inactive_project_scheduled_for_deletion |
Triggered when inactive project is scheduled for deletion | {check-circle} Yes | {check-circle} Yes | GitLab 16.4 | Project |
member_created |
Event triggered when a membership is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Group, Project |
member_destroyed |
Event triggered when a membership is destroyed | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Group, Project |
member_updated |
Event triggered when a membership is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Group, Project |
merge_request_create |
Event triggered when a Merge Request is created | {dotted-circle} No | {check-circle} Yes | GitLab 15.9 | Project |
omniauth_login_failed |
Event triggered when an OmniAuth login fails | {check-circle} Yes | {check-circle} Yes | GitLab 16.3 | User |
password_reset_requested |
Event triggered when a user requests a password reset using a registered email address | {check-circle} Yes | {dotted-circle} No | GitLab 15.11 | User |
personal_access_token_created |
Event triggered when a user creates a personal access token | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | User |
personal_access_token_revoked |
Event triggered when a personal access token is revoked | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | User |
project_archived |
Event triggered when a project is archived. | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | Project |
project_deletion_marked |
Event triggered when a project is marked for deletion. | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | Project |
project_destroyed |
Event triggered when a project is destroyed. | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | Group |
project_export_file_download_started |
Event triggered when download of project export file gets started. | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | Project |
project_group_link_created |
Event triggered when a group is invited to a project | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Group |
project_group_link_deleted |
Event triggered when a project group link is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Group |
project_group_link_updated |
Event triggered when a project group link is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Project |
project_imported |
Event triggered when a project is imported. | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | Group |
project_restored |
Event triggered when a project is restored. | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | Project |
project_unarchived |
Event triggered when a project is unarchived. | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | Project |
protected_branch_allow_force_push_updated |
This audit event is created when a protected branch has its ability to allow force pushes is toggled | {check-circle} Yes | {check-circle} Yes | GitLab 14.3 | Project |
public_repository_download_operation |
Event triggered when a Git repository for a public project is downloaded | {dotted-circle} No | {check-circle} Yes | GitLab 17.0 | Project |
registration_created |
Event triggered when a user registers for instance access | {check-circle} Yes | {check-circle} Yes | GitLab 16.3 | User |
release_created |
Event triggered when a release is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Project |
release_deleted_audit_event |
Event triggered when a release is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Project |
release_milestones_updated |
Event triggered when a release's associated milestones are updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Project |
release_updated |
Event triggered when a release is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Project |
remove_gpg_key |
Event triggered when a GPG Key is destroyed | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | User |
repository_download_operation |
Event triggered when a Git repository for a private or internal project is downloaded | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Project |
require_password_to_approve_updated |
Event triggered on updating require user password for approvals from group merge request setting | {check-circle} Yes | {check-circle} Yes | GitLab 15.6 | Group |
retain_approvals_on_push_updated |
Event triggered on updating require new approvals when new commits are added to an MR from group merge request setting | {check-circle} Yes | {check-circle} Yes | GitLab 15.6 | Group |
saml_group_links_created |
Event triggered when a SAML Group Link is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Group |
saml_group_links_removed |
Event triggered when a SAML Group Link is destroyed | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Group |
smartcard_authentication_created |
Event triggered when a user authenticates with smartcard | {check-circle} Yes | {check-circle} Yes | GitLab 16.0 | User |
update_approval_rules |
Event triggered on updating a merge approval rule | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Project |
update_compliance_framework |
Triggered when a compliance framework is updated | {check-circle} Yes | {check-circle} Yes | GitLab 14.6 | Group |
update_status_check |
Event triggered when an external status check is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Project |
Container registry
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
container_repository_deleted |
Triggered when a project's container registry is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 17.2 | Project |
container_repository_deletion_marked |
Triggered when a project's container repository is marked for deletion | {check-circle} Yes | {check-circle} Yes | GitLab 17.2 | Project |
container_repository_tags_deleted |
Triggered when a project's container repository tag is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 17.2 | Project |
Continuous delivery
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
deploy_key_added |
Triggered when deploy key is added | {check-circle} Yes | {check-circle} Yes | GitLab 15.3 | Project |
deploy_key_removed |
Audit event triggered when deploy key is removed | {check-circle} Yes | {check-circle} Yes | GitLab 15.3 | Project |
deploy_token_created |
Audit event triggered when deploy token is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.1 | Project |
deploy_token_creation_failed |
Audit event triggered when deploy token fails to create | {check-circle} Yes | {check-circle} Yes | GitLab 15.1 | Project |
deploy_token_destroyed |
Audit event triggered when deploy token is destroyed | {check-circle} Yes | {check-circle} Yes | GitLab 15.1 | Project |
deploy_token_revoked |
Triggered when project deploy token is revoked | {check-circle} Yes | {check-circle} Yes | GitLab 15.1 | Project |
deployment_approved |
Triggered when a deployment is approved | {check-circle} Yes | {check-circle} Yes | GitLab 17.1 | Project |
deployment_rejected |
Triggered when a deployment is rejected | {check-circle} Yes | {check-circle} Yes | GitLab 17.1 | Project |
deployment_started |
Triggered when a deployment to a protected environment is started | {check-circle} Yes | {check-circle} Yes | GitLab 17.2 | Project |
group_deploy_token_created |
Audit event triggered when a groups deploy token is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.3 | Group |
group_deploy_token_creation_failed |
Audit event triggered when a groups deploy token fails to create | {check-circle} Yes | {check-circle} Yes | GitLab 15.3 | Group |
group_deploy_token_destroyed |
Audit event triggered when group deploy token is destroyed | {check-circle} Yes | {check-circle} Yes | GitLab 15.3 | Group |
group_deploy_token_revoked |
Audit event triggered when group deploy token is revoked | {check-circle} Yes | {check-circle} Yes | GitLab 15.3 | Group |
Continuous integration
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
allow_merge_on_skipped_pipeline_updated |
There is a project setting which toggles the ability to merge when a pipeline is skipped. This audit event tracks changes to that setting. This MR adds a setting to allow this (like previous GitLab versions). | {check-circle} Yes | {check-circle} Yes | GitLab 14.10 | Project |
ci_group_variable_created |
Triggered when a CI variable is created at a group level | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Group |
ci_group_variable_deleted |
Triggered when a group's CI variable is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Group |
ci_group_variable_updated |
Triggered when a group's CI variable is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Group |
ci_instance_variable_created |
When an instance level CI variable is created | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Instance |
ci_instance_variable_deleted |
When an instance level CI variable is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Instance |
ci_instance_variable_updated |
When an instance level CI variable is changed | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Instance |
ci_variable_created |
Triggered when a CI variable is created at a project level | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Project |
ci_variable_deleted |
Triggered when a project's CI variable is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Project |
ci_variable_updated |
Triggered when a project's CI variable is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Project |
destroy_pipeline |
Event triggered when a pipeline is deleted | {check-circle} Yes | {check-circle} Yes | GitLab 16.6 | Project |
Deployment management
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
cluster_agent_token_created |
Event triggered when a user creates a cluster agent token | {check-circle} Yes | {check-circle} Yes | GitLab 15.10 | Project |
cluster_agent_token_revoked |
Event triggered when a user revokes a cluster agent token | {check-circle} Yes | {check-circle} Yes | GitLab 15.10 | Project |
Dynamic application security testing
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
dast_profile_create |
Triggered when a dynamic application security testing profile is created | {check-circle} Yes | {check-circle} Yes | GitLab 14.1 | Project |
dast_profile_destroy |
Triggered when a dynamic application security profile is removed | {check-circle} Yes | {check-circle} Yes | GitLab 14.1 | Project |
dast_profile_schedule_create |
Triggered when a dynamic application security testing profile schedule is created | {check-circle} Yes | {check-circle} Yes | GitLab 14.3 | Project |
dast_profile_schedule_update |
Triggered when a dynamic application security testing profile schedule is updated | {check-circle} Yes | {check-circle} Yes | GitLab 14.3 | Project |
dast_profile_update |
Triggered when a dynamic application security profile is updated | {check-circle} Yes | {check-circle} Yes | GitLab 14.1 | Project |
dast_scanner_profile_create |
Triggered when a dynamic application security testing scanner profile is created | {check-circle} Yes | {check-circle} Yes | GitLab 14.0 | Project |
dast_scanner_profile_destroy |
Triggered when a dynamic application security testing scanner profile is removed | {check-circle} Yes | {check-circle} Yes | GitLab 14.0 | Project |
dast_scanner_profile_update |
Triggered when a dynamic application security testing scanner profile is updated | {check-circle} Yes | {check-circle} Yes | GitLab 14.0 | Project |
dast_site_profile_create |
Triggered when a dynamic application security testing site profile is created | {check-circle} Yes | {check-circle} Yes | GitLab 14.0 | Project |
dast_site_profile_destroy |
Triggered when a dynamic application security testing site profile is removed | {check-circle} Yes | {check-circle} Yes | GitLab 14.0 | Project |
dast_site_profile_update |
Triggered when a dynamic application security testing site profile is updated | {check-circle} Yes | {check-circle} Yes | GitLab 14.0 | Project |
Environment management
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
environment_protected |
This event is triggered when a protected environment is created. | {check-circle} Yes | {check-circle} Yes | GitLab 15.8 | Group, Project |
environment_unprotected |
This event is triggered when a protected environment is unprotected. | {check-circle} Yes | {check-circle} Yes | GitLab 15.8 | Group, Project |
protected_environment_approval_rule_added |
This event is triggered when an approval rule is added to a protected environment. | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Group, Project |
protected_environment_approval_rule_deleted |
This event is triggered when an approval rule is removed from a protected environment. | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Project, Group |
protected_environment_approval_rule_updated |
This event is triggered when an approval rule of a protected environment is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Project, Group |
protected_environment_deploy_access_level_added |
This event is triggered when a deploy access level is added to a protected environment. | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Group, Project |
protected_environment_deploy_access_level_deleted |
This event is triggered when a deploy access level is removed from a protected environment. | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Group, Project |
protected_environment_deploy_access_level_updated |
This event is triggered when a deploy access level of a protected environment is updated | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Project |
protected_environment_updated |
This event is triggered when a protected environment is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Group, Project |
Feature flags
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
feature_flag_created |
Triggered when a feature flag is created. | {check-circle} Yes | {check-circle} Yes | GitLab 15.10 | Project |
feature_flag_deleted |
Triggered when a feature flag is deleted. | {check-circle} Yes | {check-circle} Yes | GitLab 15.10 | Project |
feature_flag_updated |
Triggered when a feature flag is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.10 | Project |
Fleet visibility
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
ci_runner_usage_export |
Triggered when a runner usage report is generated. | {check-circle} Yes | {check-circle} Yes | GitLab 16.8 | Instance |
Fuzz testing
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
coverage_fuzzing_corpus_create |
Event triggered on a corpus action is added | {check-circle} Yes | {check-circle} Yes | GitLab 14.5 | Project |
Groups and projects
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
create_ssh_certificate |
Event triggered when an SSH certificate is created. | {check-circle} Yes | {check-circle} Yes | GitLab 16.6 | Group |
delete_ssh_certificate |
Event triggered when an SSH certificate is deleted. | {check-circle} Yes | {check-circle} Yes | GitLab 16.6 | Group |
group_created |
Event triggered when a group is created. | {check-circle} Yes | {check-circle} Yes | GitLab 16.3 | Group |
group_lfs_enabled_updated |
Event triggered when a groups lfs enabled is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_membership_lock_updated |
Event triggered when a groups membership lock is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_merge_request_approval_setting_created |
Triggered when merge request approval settings are added on a group level. | {check-circle} Yes | {check-circle} Yes | GitLab 15.1 | Group |
group_name_updated |
Event triggered when a groups name is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_path_updated |
Event triggered when a groups path is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_project_creation_level_updated |
Event triggered when a groups project creation level is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_repository_size_limit_updated |
Event triggered when a groups repository size limit is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_request_access_enabled_updated |
Event triggered when a groups request access enabled is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_require_two_factor_authentication_updated |
Event triggered when a groups require two factor authentication setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_share_with_group_link_created |
This event is triggered when you proceed to invite a group to another group via the 'invite group' tab on the group's membership page | {check-circle} Yes | {check-circle} Yes | GitLab 15.10 | Group |
group_share_with_group_link_removed |
This event is triggered when you proceed to invite a group to another group via the 'invite group' tab on the group's membership page | {check-circle} Yes | {check-circle} Yes | GitLab 15.10 | Group |
group_share_with_group_link_updated |
This event is triggered when you proceed to invite a group to another group via the 'invite group' tab on the group's membership page | {check-circle} Yes | {check-circle} Yes | GitLab 15.10 | Group |
group_shared_runners_minutes_limit_updated |
Event triggered when a groups shared runners minutes limit is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_two_factor_grace_period_updated |
Event triggered when a groups two factor grace period is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_visibility_level_updated |
Event triggered when a groups visibility level is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
merge_commit_template_updated |
audit when merge commit template is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.8 | Project |
project_cicd_merge_pipelines_enabled_updated |
audit when project cicd merge pipelines setting is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.8 | Project |
project_cicd_merge_trains_enabled_updated |
Event triggered on updating project setting for enabling ci cd merge trains | {check-circle} Yes | {check-circle} Yes | GitLab 15.8 | Project |
project_created |
Event triggered when a project is created. | {check-circle} Yes | {check-circle} Yes | GitLab 16.0 | Project |
project_default_branch_updated |
Event triggered when default branch of a project's repository is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 16.0 | Project |
project_description_updated |
Triggered when a project's description is updated | {dotted-circle} No | {check-circle} Yes | GitLab 16.3 | Project |
project_disable_overriding_approvers_per_merge_request_updated |
audit when project disable overriding approvers per mr setting is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_analytics_access_level_updated |
Event triggered when a project's analytics access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_builds_access_level_updated |
Event triggered when a project's builds access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_container_registry_access_level_updated |
Event triggered when a project's container registry access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_environments_access_level_updated |
Event triggered when a project's environments access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_feature_flags_access_level_updated |
Event triggered when a project's feature flags access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_forking_access_level_updated |
Event triggered when a project's feature forking access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_infrastructure_access_level_updated |
Event triggered when a project's infrastructure access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_issues_access_level_updated |
Event triggered when a project's issues access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_merge_requests_access_level_updated |
Event triggered when a project's merge request access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_metrics_dashboard_access_level_updated |
Event triggered when a project's metrics dashboard access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_monitor_access_level_updated |
Event triggered when a project's monitor access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_operations_access_level_updated |
Event triggered when a project's operation access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_package_registry_access_level_updated |
Event triggered when a project's package registry access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_pages_access_level_updated |
Event triggered when a project's page access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_releases_access_level_updated |
Event triggered when a project's releases access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_repository_access_level_updated |
Event triggered when a project's repository access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_requirements_access_level_updated |
Event triggered when a project's requirements access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_security_and_compliance_access_level_updated |
Event triggered when a project's security and compliance access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_snippets_access_level_updated |
Event triggered when a project's snippet access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_feature_wiki_access_level_updated |
Event triggered when a project's wiki access level setting is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_merge_method_updated |
Triggered when a project's merge request method has been changed. | {check-circle} Yes | {check-circle} Yes | GitLab 14.10 | Project |
project_merge_requests_author_approval_updated |
audit when project mr author approval setting is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_merge_requests_disable_committers_approval_updated |
Event triggered on updating project setting for disabling committers approval on merge requests | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_name_updated |
Create this audit event whenever a project has its name updated | {check-circle} Yes | {check-circle} Yes | GitLab 10.2 | Project |
project_namespace_updated |
audit when project namespace is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_only_allow_merge_if_all_discussions_are_resolved_updated |
Event triggered on updating project setting for allowing merge only when all discussions are resolved | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_only_allow_merge_if_pipeline_succeeds_updated |
audit when project only allow merge if pipeline succeeds setting is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_packages_enabled_updated |
When the setting that controls packages for a project is toggled, this audit event is created | {check-circle} Yes | {check-circle} Yes | GitLab 11.5 | Project |
project_path_updated |
Event triggered on updating a project's path | {check-circle} Yes | {check-circle} Yes | GitLab 15.5 | Project |
project_printing_merge_request_link_enabled_updated |
Event triggered on updating setting for projects for enabling printing merge request link | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_repository_size_limit_updated |
Event triggered on updating repository size limit of a project | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_require_password_to_approve_updated |
Event triggered on updating project setting for requiring user's password for approval of merge request | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_resolve_outdated_diff_discussions_updated |
audit when project resolve outdated diff discussions setting is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
project_security_setting_updated |
Triggered when a project security setting is updated | {check-circle} Yes | {check-circle} Yes | GitLab 17.0 | Project |
project_visibility_level_updated |
audit when project visiblity level setting is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Project |
squash_commit_template_updated |
Event triggered on updating the merge request squash commit template for a project | {check-circle} Yes | {check-circle} Yes | GitLab 15.8 | Project |
squash_option_updated |
Triggered when squash option setting has been changed. | {check-circle} Yes | {check-circle} Yes | GitLab 15.0 | Project |
Importers
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
group_export_created |
Triggered when a group file export is created | {check-circle} Yes | {check-circle} Yes | GitLab 17.0 | Group |
project_export_created |
Triggered when a project file export is created | {check-circle} Yes | {check-circle} Yes | GitLab 17.0 | Project |
Incident management
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
incident_closed_by_project_bot |
Triggered when an incident is closed using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
incident_created_by_project_bot |
Triggered when an incident is created using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
incident_reopened_by_project_bot |
Triggered when an incident is reopened using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
MLOps
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
project_feature_model_experiments_access_level_updated |
Model experiments access level was updated | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
project_feature_model_registry_access_level_updated |
Model registry access level was updated | {check-circle} Yes | {check-circle} Yes | GitLab 16.7 | Project |
Not categorized
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
experiment_features_enabled_updated |
Event triggered on toggling setting for enabling experiment AI features | {check-circle} Yes | {check-circle} Yes | GitLab 16.0 | Group |
Permissions
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
member_role_created |
Event triggered when a custom role is created. | {check-circle} Yes | {check-circle} Yes | GitLab 16.7 | Group, Instance |
member_role_deleted |
Event triggered when a custom role is deleted. | {check-circle} Yes | {check-circle} Yes | GitLab 16.9 | Group, Instance |
member_role_updated |
Event triggered when a custom role is updated. | {check-circle} Yes | {check-circle} Yes | GitLab 16.9 | Group, Instance |
Portfolio management
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
delete_epic |
Event triggered on successful epic deletion | {dotted-circle} No | {check-circle} Yes | GitLab 15.4 | Group |
epic_closed_by_project_bot |
Triggered when an epic is closed by a group access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Group |
epic_created_by_project_bot |
Triggered when an epic is created by a group access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Group |
epic_reopened_by_project_bot |
Triggered when an epic is reopened by a group access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Group |
Product analytics data management
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
product_analytics_settings_update |
Triggered when product analytics settings are changed | {check-circle} Yes | {check-circle} Yes | GitLab 17.1 | Project |
Project
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
project_access_token_created |
Event triggered on creating a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Project |
project_access_token_creation_failed |
Event triggered on failure to create a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Project |
project_access_token_deleted |
Event triggered on creating a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Project |
project_access_token_deletion_failed |
Event triggered on failure to delete a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Project |
Quality management
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
test_case_closed_by_project_bot |
Triggered when a test case is closed using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
test_case_created_by_project_bot |
Triggered when a test case is created using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
test_case_reopened_by_project_bot |
Triggered when a test case is reopened using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
Runner
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
set_runner_associated_projects |
Event triggered on successful assignment of associated projects to a CI runner | {check-circle} Yes | {check-circle} Yes | GitLab 15.4 | User |
Secret detection
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
skip_secret_push_protection |
Triggered when secret push protection is skipped by the user | {check-circle} Yes | {check-circle} Yes | GitLab 16.11 | Project |
Security policy management
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
policy_project_updated |
This event is triggered whenever the security policy project is updated for a project. | {check-circle} Yes | {check-circle} Yes | GitLab 15.6 | Group, Project |
Source code management
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
approval_rule_created |
Triggered when a merge request approval rule is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Project |
approval_rule_deleted |
Triggered on successful approval rule deletion | {check-circle} Yes | {check-circle} Yes | GitLab 14.9 | Project |
group_push_rules_author_email_regex_updated |
Event triggered when a groups push rules settings is changed for author email regex. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_push_rules_branch_name_regex_updated |
Event triggered when a groups push rules settings is changed for branch name regex. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_push_rules_commit_committer_check_updated |
Triggered when group push rule setting is updated for reject unverified users. | {check-circle} Yes | {check-circle} Yes | GitLab 15.0 | Group |
group_push_rules_commit_message_negative_regex_updated |
Event triggered when a groups push rules settings is changed for commit message negative regex. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_push_rules_commit_message_regex_updated |
Event triggered when a groups push rules settings is changed for commit message regex. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_push_rules_file_name_regex_updated |
Event triggered when a groups push rules settings is changed for filename regex. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_push_rules_max_file_size_updated |
Event triggered when a groups push rules settings is changed for max file size. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | Group |
group_push_rules_prevent_secrets_updated |
Triggered when group push rule setting is updated to prevent pushing secret files. | {check-circle} Yes | {check-circle} Yes | GitLab 15.0 | Group |
group_push_rules_reject_deny_delete_tag_updated |
Triggered when group push rule setting is updated to deny deletion of tags using Git push. | {check-circle} Yes | {check-circle} Yes | GitLab 15.0 | Group |
group_push_rules_reject_member_check_updated |
Triggered when group push rule setting is updated to check if commit author is a GitLab user. | {check-circle} Yes | {check-circle} Yes | GitLab 15.0 | Group |
group_push_rules_reject_non_dco_commits_updated |
Triggered when group push rule setting is updated for reject non DCO certified commits. | {check-circle} Yes | {check-circle} Yes | GitLab 15.0 | Group |
group_push_rules_reject_unsigned_commits_updated |
Triggered when group push rule setting is updated for reject unsigned commits. | {check-circle} Yes | {check-circle} Yes | GitLab 15.0 | Group |
merged_merge_request_deleted |
Audit event triggered when a merged merge request is deleted | {dotted-circle} No | {check-circle} Yes | GitLab 16.0 | Project |
merged_merge_request_deletion_started |
Audit event triggered when a merged merge request's deletion is started | {dotted-circle} No | {check-circle} Yes | GitLab 16.1 | Project |
project_fork_operation |
Audit event triggered when a project is forked | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Project |
project_fork_relationship_removed |
Event triggered on successful removal of project's fork relationship | {check-circle} Yes | {check-circle} Yes | GitLab 15.6 | Project |
project_push_rules_commit_committer_check_updated |
Triggered when project push rule setting is updated for reject unverified users. | {check-circle} Yes | {check-circle} Yes | GitLab 16.5 | Project |
protected_branch_code_owner_approval_required_updated |
audit when protected branch code owner approval required setting is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.8 | Project |
protected_branch_created |
Triggered when a protected branch is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Project |
protected_branch_removed |
Triggered when a protected branch is removed | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Project |
protected_branch_updated |
Event triggered on the setting for protected branches is update | {check-circle} Yes | {check-circle} Yes | GitLab 15.8 | Project |
repository_git_operation |
Triggered when authenticated users push, pull, or clone a project using SSH, HTTP(S), or the UI | {dotted-circle} No | {check-circle} Yes | GitLab 14.9 | Project |
require_reauthentication_to_approve_updated |
Logged when the setting for requiring reauthentication for merge requqest approvals is toggled. | {check-circle} Yes | {check-circle} Yes | GitLab 17.1 | Group, Project |
manually_trigger_housekeeping |
Triggered when manually triggering housekeeping via API or admin UI | {check-circle} Yes | {check-circle} Yes | GitLab 15.9 | Project |
project_blobs_removal |
Triggered when removing blobs via the GraphQL API or project settings UI | {check-circle} Yes | {check-circle} Yes | GitLab 17.0 | Project |
project_text_replacement |
Triggered when replacing text via the GraphQL API or project settings UI | {check-circle} Yes | {check-circle} Yes | GitLab 17.1 | Project |
Subgroup
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
group_access_token_created |
Event triggered on creating a group access token | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Group |
group_access_token_creation_failed |
Event triggered on failing to create a group access token | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Group |
group_access_token_deleted |
Event triggered on deleting a group access token | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Group |
group_access_token_deletion_failed |
Event triggered on failure to delete a group access token | {check-circle} Yes | {check-circle} Yes | GitLab 15.2 | Group |
System access
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
application_setting_updated |
Triggered when Application setting is updated | {check-circle} Yes | {check-circle} Yes | GitLab 16.3 | Instance |
ip_restrictions_changed |
Event triggered on any changes in the IP AllowList | {check-circle} Yes | {check-circle} Yes | GitLab 15.0 | Group |
login_failed_with_otp_authentication |
Triggered when the login fails due to an incorrect OTP | {check-circle} Yes | {check-circle} Yes | GitLab 16.4 | User |
login_failed_with_standard_authentication |
Triggered when login to GitLab fails with standard authentication like password. | {check-circle} Yes | {check-circle} Yes | GitLab 16.4 | Instance |
login_failed_with_webauthn_authentication |
Triggered when login fails via WebAuthn device | {check-circle} Yes | {check-circle} Yes | GitLab 16.4 | User |
update_mismatched_group_saml_extern_uid |
Triggered when the external UID is changed on a SAML identity. | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | User |
user_access_locked |
Event triggered when user access to the instance is locked | {check-circle} Yes | {check-circle} Yes | GitLab 16.2 | User |
user_access_unlocked |
Event triggered when user access to the instance is unlocked | {check-circle} Yes | {check-circle} Yes | GitLab 16.2 | User |
user_disable_two_factor |
Audit event triggered when user disables two factor authentication | {check-circle} Yes | {check-circle} Yes | GitLab 15.1 | User |
user_enable_admin_mode |
Event triggered on enabling Admin Mode | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | User |
Team planning
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
comment_by_project_bot |
Triggered when a comment is added to an issue or an MR using the project access token | {dotted-circle} No | {check-circle} Yes | GitLab 16.1 | Project |
delete_issue |
Event triggered on successful issue deletion | {dotted-circle} No | {check-circle} Yes | GitLab 15.4 | Project |
delete_work_item |
Event triggered on successful work item deletion | {dotted-circle} No | {check-circle} Yes | GitLab 15.4 | Project |
issue_closed_by_project_bot |
Triggered when an issue is closed using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
issue_created_by_project_bot |
Triggered when an issue is created using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
issue_reopened_by_project_bot |
Triggered when an issue is reopened using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
task_closed_by_project_bot |
Triggered when a task is closed using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
task_created_by_project_bot |
Triggered when a task is created using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
task_reopened_by_project_bot |
Triggered when a task is reopened using a project access token | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | Project |
User management
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
authenticated_with_group_saml |
Triggered after successfully signing in with SAML authentication | {check-circle} Yes | {check-circle} Yes | GitLab 12.10 | Group |
ban_user |
Event triggered on user ban action | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | User |
change_membership_state |
Event triggered on a users membership is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.1 | Group |
password_reset_failed |
Event triggered when a password reset fails for a user | {dotted-circle} No | {check-circle} Yes | GitLab 16.4 | User |
unban_user |
Event triggered on user unban action | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | User |
unblock_user |
Event triggered on user unblock action | {check-circle} Yes | {check-circle} Yes | GitLab 15.11 | User |
user_activate |
Event triggered on user activate action | {check-circle} Yes | {check-circle} Yes | GitLab 16.1 | User |
user_approved |
Event triggered when a user is approved for an instance | {check-circle} Yes | {dotted-circle} No | GitLab 15.11 | User |
user_blocked |
Event triggered when a user is blocked | {check-circle} Yes | {dotted-circle} No | GitLab 15.11 | User |
user_created |
Event triggered when a user is created | {check-circle} Yes | {check-circle} Yes | GitLab 15.10 | User |
user_deactivate |
Event triggered on user deactivate action | {check-circle} Yes | {check-circle} Yes | GitLab 16.0 | User |
user_destroyed |
Event triggered when a user is scheduled for removal from the instance | {check-circle} Yes | {dotted-circle} No | GitLab 15.11 | User |
user_email_changed_and_user_signed_in |
audit when user emailed changed and user signed in | {check-circle} Yes | {check-circle} Yes | GitLab 15.8 | User |
user_impersonation |
Triggered when an instance administrator starts or stops impersonating a user | {check-circle} Yes | {check-circle} Yes | GitLab 14.8 | User, Group |
user_password_updated |
audit when user password is updated | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | User |
user_rejected |
Event triggered when a user registration is rejected | {check-circle} Yes | {dotted-circle} No | GitLab 15.11 | User |
User profile
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
email_confirmation_sent |
Triggered when users add or change and email address and it needs to be confirmed. | {dotted-circle} No | {check-circle} Yes | GitLab 16.3 | User |
remove_ssh_key |
Audit event triggered when a SSH key is removed | {check-circle} Yes | {check-circle} Yes | GitLab 14.1 | User |
user_admin_status_updated |
Adds an audit event when a user is either made an administrator, or removed as an administrator | {check-circle} Yes | {check-circle} Yes | GitLab 14.1 | User |
user_auditor_status_updated |
Adds an audit event when a user is either made an auditor, or removed as an auditor | {check-circle} Yes | {check-circle} Yes | GitLab 16.6 | User |
user_email_address_updated |
Adds an audit event when a user updates their email address | {check-circle} Yes | {check-circle} Yes | GitLab 10.1 | User |
user_profile_visiblity_updated |
Triggered when user toggles private profile user setting | {dotted-circle} No | {check-circle} Yes | GitLab 16.3 | User |
user_username_updated |
Event triggered on updating a user's username | {check-circle} Yes | {check-circle} Yes | GitLab 15.7 | User |
Verify security
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
secure_ci_job_token_inbound_disabled |
Event triggered when CI_JOB_TOKEN permissions disabled for inbound | {check-circle} Yes | {check-circle} Yes | GitLab 16.0 | Project |
secure_ci_job_token_inbound_enabled |
Event triggered when CI_JOB_TOKEN permissions enabled for inbound | {check-circle} Yes | {check-circle} Yes | GitLab 16.0 | Project |
secure_ci_job_token_project_added |
Event triggered when project added to inbound CI_JOB_TOKEN scope | {check-circle} Yes | {check-circle} Yes | GitLab 16.0 | Project |
secure_ci_job_token_project_removed |
Event triggered when project removed from inbound CI_JOB_TOKEN scope | {check-circle} Yes | {check-circle} Yes | GitLab 16.0 | Project |
Webhooks
Name | Description | Saved to database | Streamed | Introduced in | Scope |
---|---|---|---|---|---|
webhook_created |
Event triggered when a webhook is created. | {check-circle} Yes | {check-circle} Yes | GitLab 17.1 | Project, Group, Instance |
webhook_destroyed |
Event triggered when a webhook is destroyed. | {check-circle} Yes | {check-circle} Yes | GitLab 17.0 | Project, Group, Instance |