Audit Logs

Audit logging is a simple way to track activity that has occurred inside FOSSA. By logging and displaying critical user actions, audit logs help administrators determine who did what, when it happened, and where it occurred inside the product. This provides insight into how your FOSSA environment arrived at its current state and how to revert changes in the case of user error (e.g. uploading the wrong project, changing a policy accidentally, or resolving an issue without proper approval). One way to prevent these issues from happening again is to refine user permissions with the Role-Based Access Control (RBAC) feature.


Enterprise Feature

This feature is only available in a FOSSA Enterprise subscription. Contact [email protected] for more details.

Logged Operations

The following actions are logged, grouped by type:

User

  • Add a user
  • Delete a user
  • Disable a user
  • Change a user’s role
  • Change another user value (email update, etc.)
  • Give a user access to a project or release group
  • Remove user access from a project or release group
  • Give a user access to a team
  • Remove user access from a team

Team

  • Create new team
  • Change team name
  • Delete team

Issue

  • Open an issue
  • Export an issue
  • Resolve an issue (at both project and global level)
  • Modify the licenses associated with a package

Policy & Licenses

  • Create new policy
  • Change the default action for uncategorized licenses
  • Re-categorize a license within a policy
  • Change the policy for a project
  • Change the default policy for an organization
  • Modify the conditional rules of a license within a policy

Projects & Release Groups

  • Create new project (incl. import method)
  • Create new release group
  • Create a new release for release group
  • Modify revision of project within release group
  • Add a new project revision
  • Run a new license or issue scan

Log Format

Audit log entries (which can be viewed in the Account Settings > Audit Logs page) consist of the following fields:

  • Email: current email of the user who performed the action
  • Role: role of the user at the time the action occurred (see RBAC for more information about user roles)
  • Date: timestamp of when the action occurred
  • Action: details about the action that occurred
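
A triage pass over entries with these four fields, as an added example (not FOSSA code): it lists sensitive changes made while the actor's role was not admin. The page does not describe an export, so the CSV layout, timestamp format, Action wording and the "editor" role name are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample. The columns are the four fields listed above; the CSV
# layout, timestamp format, Action wording and the "editor" role name are
# assumptions made for this illustration.
SAMPLE = """Email,Role,Date,Action
alice@example.com,admin,2024-03-04T09:12:00Z,Change a user's role
bob@example.com,editor,2024-03-04T10:40:00Z,Resolve an issue
bob@example.com,editor,2024-03-04T10:41:00Z,Change the policy for a project
carol@example.com,admin,2024-03-05T02:15:00Z,Re-categorize a license within a policy
bob@example.com,editor,2024-03-05T11:00:00Z,Run a new license or issue scan
"""

# Actions from the "Logged Operations" list that change access or compliance
# outcomes, mapped to their type. Which ones count as sensitive is a local
# review rule chosen for this example.
SENSITIVE = {
    "change a user's role": "User",
    "give a user access to a project or release group": "User",
    "resolve an issue": "Issue",
    "change the policy for a project": "Policy & Licenses",
    "change the default policy for an organization": "Policy & Licenses",
    "re-categorize a license within a policy": "Policy & Licenses",
}

def normalize(action):
    return action.strip().lower().replace("\u2019", "'")

def parse(text):
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["Date"] = datetime.fromisoformat(row["Date"].replace("Z", "+00:00"))
    return rows

def review_queue(rows):
    """Sensitive actions taken while the actor's role was not admin, oldest first."""
    flagged = []
    for row in rows:
        kind = SENSITIVE.get(normalize(row["Action"]))
        # Role is the role at the time of the action, so this reflects what
        # the user was allowed to do then, not their current permissions.
        if kind and row["Role"].strip().lower() != "admin":
            flagged.append((row["Date"], row["Email"], kind, row["Action"]))
    return sorted(flagged)

if __name__ == "__main__":
    for when, email, kind, action in review_queue(parse(SAMPLE)):
        print(when.isoformat(), email, f"[{kind}]", action)
```

Because Email is the user's current address while Role is historical, correlate these results with other systems by user rather than by an address seen in older records.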

View Permissions

By default, only users with the admin role are able to view the audit logs. In the future, we plan on supporting the ability to customize user roles, which would allow select non-admins to view them as well.