Audit Logging
CodeStax records audit events for supported organization, security, billing, compliance, and review operations. Audit logs help you track who did what and when for compliance, security investigations, and operational visibility.
What Gets Logged
Supported audited actions include:
| Category | Events |
|---|---|
| Authentication | Login, logout, API key creation, API key revocation |
| Repositories | Connected, disconnected, settings changed |
| Scans | Triggered, completed, failed, cancelled |
| Findings | Triage status changed, ignored, commented |
| Team | Member invited, role changed, member removed |
| Settings | Organization settings updated, webhook configured, policy changed |
| Integrations | Jira linked, OAuth token refreshed, webhook enabled/disabled |
| Compliance | Enabled frameworks updated, control selection updated, custom framework created or deleted, GDPR export/deletion requested |
Where to Find It
Open Audit Logs from the dashboard sidebar. The audit log is available to ORG_ADMIN and ORG_OWNER roles only.
Filtering and Search
The audit log supports filtering by:
- User — Filter by the user who performed the action.
- Action type — Filter by category (auth, scan, triage, settings, etc.).
- Date range — Narrow results to a specific time window.
- Repository — Show only events related to a specific repository.
Log Entry Details
Each audit log entry includes:
- Timestamp — When the action occurred (UTC).
- User — Who performed the action (name and email).
- Action — What was done (e.g., “scan.triggered”, “finding.triaged”).
- Target — The resource affected (repository name, finding ID, user email).
- Metadata — Additional context such as IP address, scan type, or old/new values for changes.
Export
Export customer-visible audit logs in CSV format for integration with external SIEM tools or compliance reporting. Use the Export button at the top of the audit log page.
Retention
Audit-log availability and retention follow your current plan limits. Published plan limits currently list Growth with 30-day audit logs, Pro with 90-day audit logs, and Enterprise with extended audit-log retention; Free does not include audit logs.