Yesterday I have received an email that someone managed to login to my account from location never used before. I’ve reset the password as soon as I noticed the notification from Gitlab, and made necessary steps to tighten the security of my account.
My biggest concern are three repositories shared to me by clients containing the source code of the applications currently in the production. As responsible as I can be, I’d have to notify my clients about the breach and to figure out what would be our next steps regarding this issue. However, I cannot know if my repositories are cloned or downloaded at all.
Question: Is it possible, for free account on Gitlab to browse these kind of audit events on repo (pull-download-clone)? If so, please help.
Although this account breach is solely my responsability, it would be very nice to disable the login from location never used before, without some confirmation over email at least. Something similar is working for Google accounts for years already. IF the system sees that I’m logging in from Europe constantly and suddenly access to my account is requested from a different continent, I’d say that’s suspicious activity.
It might save us from this trouble.
Anyhow, please help