Audit logs are structured records that chronologically document events and activities within a system, application, or network. They capture and store details of actions performed by users, system components, or external entities, ensuring transparency, security, and regulatory compliance.

Audit logs do not contain all the events in the system yet, this is an ongoing effort and more events will be added in future updates.

Key Concepts

Audit logs in Chainloop revolve around two main concepts: Actor Type and Target Type.

Actor Type

The Actor Type represents the entity responsible for triggering an event.

  • User – Events initiated by users within your organization.
  • API Token – Events initiated by an API Token, such as updating a Workflow Contract.
  • System – Events triggered by the system itself or the Chainloop Team. Currently, these events occur when modifications are made to built-in resources such as Policies, Requirements, or Frameworks. These changes are logged across all organizations for transparency.

Target Type

The Target Type represents the entity affected by an action performed by an Actor.

Audit Log Forwarders

This feature is only available for on-premise installations of Chainloop.

The Audit Log Forwarder allows platform operators to send event logs to external services. Currently, this is supported via a Webhook.

To configure an Audit Log Forwarder, the following configuration can be modified from the Platform’s Helm Chart values.yaml.

backend:
    ## @param backend.auditLogForwarders Audit log forwarders configuration. Configure forwarders
    ## to send audit logs to external services
    ## @extra backend.auditLogForwarders[].kind The kind of forwarder, currently only webhook is supported
    ## @extra backend.auditLogForwarders[].uri The URL of the webhook
    ## @extra backend.auditLogForwarders[].token The bearer token to authenticate with the webhook
    ## @extra backend.auditLogForwarders[].method The HTTP method to use when sending the audit logs
    auditLogForwarders: []

Example configuration:

backend:
    auditLogForwarders:
        - kind: webhook
            uri: https://webhook.site 
            token: THE-SECRET-TOKEN
            method: POST

Note that the request sent has the user-agent Chainloop-Audit-Logger/1.0 and the application/json content type.