Skip to Content
FeaturesAudit Logging

Audit Logging

CodeStax records audit events for supported organization, security, billing, compliance, and review operations. Audit logs help you track who did what and when for compliance, security investigations, and operational visibility.

What Gets Logged

Supported audited actions include:

CategoryEvents
AuthenticationLogin, logout, API key creation, API key revocation
RepositoriesConnected, disconnected, settings changed
ScansTriggered, completed, failed, cancelled
FindingsTriage status changed, ignored, commented
TeamMember invited, role changed, member removed
SettingsOrganization settings updated, webhook configured, policy changed
IntegrationsJira linked, OAuth token refreshed, webhook enabled/disabled
ComplianceEnabled frameworks updated, control selection updated, custom framework created or deleted, GDPR export/deletion requested

Where to Find It

Open Audit Logs from the dashboard sidebar. The audit log is available to ORG_ADMIN and ORG_OWNER roles only.

The audit log supports filtering by:

  • User — Filter by the user who performed the action.
  • Action type — Filter by category (auth, scan, triage, settings, etc.).
  • Date range — Narrow results to a specific time window.
  • Repository — Show only events related to a specific repository.

Log Entry Details

Each audit log entry includes:

  • Timestamp — When the action occurred (UTC).
  • User — Who performed the action (name and email).
  • Action — What was done (e.g., “scan.triggered”, “finding.triaged”).
  • Target — The resource affected (repository name, finding ID, user email).
  • Metadata — Additional context such as IP address, scan type, or old/new values for changes.

Export

Export customer-visible audit logs in CSV format for integration with external SIEM tools or compliance reporting. Use the Export button at the top of the audit log page.

Retention

Audit-log availability and retention follow your current plan limits. Published plan limits currently list Growth with 30-day audit logs, Pro with 90-day audit logs, and Enterprise with extended audit-log retention; Free does not include audit logs.