Gitlab Security

  1. I have a finding from auditors saying that admins can change project settings. My question is, where are Gitlab Audit Events stored and are administrators able to alter audit event logs?

  2. What can I do to validate whether the source code as approved on Gitlab matches what is ultimately deployed on Artifactory?