unfortunately, we had some security issues with our self-hosted gitlab. One very important question: for a user with admin-rights, is it in any way possible to bypass the logging of pulling events? Do you see any possibility of doing that without having access to the actual hostserver? We need to know, if checking the production.logs is a reliable method to know if an attacker has made pulls or not.
Thank you very much for your feedback!