Commit from user not in team

Hi,

I just recently noticed that someone who is not a member of the team in my gitlab.com repo made a commit.

The username attached to the commit does not match anyone on the members list of the repo.

How is this possible? I thought i had to give access to someone by adding them as a developer before they could access the project.

Is my repo public? I thought by default all repos are private.

Project visibility is set to private btw

Hi there!

Git commits are not associated to real identities: I can choose to set my Git name and email to whomever I want, and then being able to push as “Santa Claus”. So probably one for your developers has used a different identity to push.

What you can do is in “Settings -> Repository” select Check whether author is a GitLab user
or set a regex for Commit author’s email.

Also, please notice that if your project has been shared with another group, all the members of such group can access your project, but they are not explicitly listed.

I think the setting you suggested is in the paid version.

Thanks for the explaination.