Add the Container Registry to the list of audited events

Context

As a customer in a regulated industry, you may need to respond to auditors by generating comprehensive reports. You can use GitLab to generate audit reports, which track a number of instance, group, and project events.

Problem to solve

Package events such as the ones below are not included in the audit report.

• Change action (add, modify, delete, etc)
• Who/what made the change (user, retention policy, etc)
• What image/tag was changed
• When the image/tag was changed
• How the image/tag was changed (manual, pipeline, API, etc)This is currently provided in Artifactory logs and UI (last known change).
• The location from where the image/tag was changed. For change other than a pipeline change, this would be an IP address. For a change made via a pipeline, this would include the path to the project in which the pipeline was run (where the pipeline was triggered) along with the pipeline ID.

Proposal

Consider adding Container Registry events to the GitLab Audit report so that customers have a way of auditing changes to their images and tags.