🔒 Audit Logs
Overview
CyberAi maintains comprehensive audit logs to track system activities, security events, and user actions. This page describes our audit logging capabilities and how to access them.
What We Log
📝 Code Changes
- All commits tracked via Git version control
- Pull request reviews and approvals
- Branch creation and deletion events
- Tag and release activities
🔐 Security Events
- Authentication attempts (success and failure)
- Authorization decisions and access denials
- Security scan results (CodeQL, GitAntivirus)
- Vulnerability detections and resolutions
⚙️ System Operations
- GitHub Actions workflow executions
- Deployment events and status
- Configuration changes
- API requests and responses
👤 User Activities
- Login and logout events (when authentication enabled)
- Profile updates and password changes
- Subscription and payment transactions
- Permission and role modifications
Accessing Audit Logs
GitHub Actions Logs
View workflow execution logs in the GitHub Actions tab. Logs include build outputs, test results, and deployment activities.
Git History
All code changes are permanently tracked in Git history:
git log --all --oneline --graph
git log --author="username" --since="2026-01-01"Security Advisories
Security-related events are tracked in GitHub Security tab, including vulnerability reports and resolutions.
Log Retention
CyberAi maintains audit logs with the following retention policies:
- Git History: Permanent (stored in repository)
- GitHub Actions Logs: 90 days (GitHub default)
- Security Events: Permanent (via GitHub Security)
- User Activity Logs: Configurable (when implemented)
Log Format
Audit logs follow structured formats for easy parsing and analysis:
- Timestamp: ISO 8601 format (UTC)
- Event Type: Category and action
- Actor: User or system performing action
- Resource: Entity being acted upon
- Result: Success or failure status
- Metadata: Additional contextual information
Compliance & Security
Audit logs support compliance requirements:
- Non-repudiation of actions
- Forensic analysis capabilities
- Incident response support
- Regulatory compliance (SOC 2, GDPR, etc.)
See our Compliance Documentation for framework details.
Related Documentation
- Security Policy - Security practices and reporting
- Security Policy Summary - Quick reference guide
- Compliance - Compliance frameworks
- Privacy Policy - Data handling practices