It’s quite easy to impersonate another user in GitLab. See this topic for more details.
It’s possible to find out which user performed a push by examining the “Activity” log of a repository. But for audit purposes I’d also like to know the IP address from which the push was done. Is it possible in GitLab CE/EE?
Pushes done through HTTP(S)
You can examine access logs of nginx (
192.168.21.150 - johndoe [19/Dec/2016:08:05:58 +0100] "POST /TEST/test.git/git-receive-pack HTTP/1.1" 200 52 "-" "git/2.9.2.windows.1"
Pushes done through SSH
You can examine gitlab-shell logs (
gitlab-shell/gitlab-shell.log). That way you can find the time of a push:
I, [2016-12-19T07:34:08.173561 #3560] INFO -- : gitlab-shell: executing git command <git-receive-pack /var/opt/gitlab/git-data/repositories/test2/test2.git> for user with key key-417.
Then you can examine standard SSH logs to find the IP address:
Dec 19 07:34:08 gitlab-hostname sshd: Accepted publickey for git from 192.168.21.151 port 40864 ssh2: RSA 32:ea:2d:e2:47:ac:fc:50:84:16:e2:16:57:b0:5c:2d
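The SSH correlation described above can be scripted. The following is an added example, not part of the original answer: it pairs each git-receive-pack entry in gitlab-shell.log with sshd "Accepted publickey" lines logged shortly before it. It assumes both logs use the same clock and time zone; the function name, the 5-second window and the sample log lines beyond those quoted above are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

PUSH_RE = re.compile(
    r"\[(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.\d+ #\d+\]\s+INFO\s+\S+\s*: gitlab-shell: "
    r"executing git command <git-receive-pack (\S+)> for user with key (key-\d+)")
SSH_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd(?:\[\d+\])?: "
    r"Accepted publickey for git from (\S+) port \d+", re.M)

# Constructed sample logs in the two formats quoted above (fingerprints replaced).
SHELL_LOG = """\
I, [2016-12-19T07:34:08.173561 #3560]  INFO -- : gitlab-shell: executing git command <git-receive-pack /var/opt/gitlab/git-data/repositories/test2/test2.git> for user with key key-417.
I, [2016-12-19T09:10:00.000001 #3601]  INFO -- : gitlab-shell: executing git command <git-upload-pack /var/opt/gitlab/git-data/repositories/test2/test2.git> for user with key key-12.
I, [2016-12-19T10:00:03.500000 #3650]  INFO -- : gitlab-shell: executing git command <git-receive-pack /var/opt/gitlab/git-data/repositories/TEST/test.git> for user with key key-9.
"""
SSHD_LOG = """\
Dec 19 07:34:08 gitlab-hostname sshd: Accepted publickey for git from 192.168.21.151 port 40864 ssh2: RSA <constructed>
Dec 19 09:09:59 gitlab-hostname sshd: Accepted publickey for git from 192.168.21.77 port 51000 ssh2: RSA <constructed>
Dec 19 10:00:01 gitlab-hostname sshd[812]: Accepted publickey for git from 192.168.21.80 port 51010 ssh2: RSA <constructed>
Dec 19 10:00:02 gitlab-hostname sshd[813]: Accepted publickey for git from 192.168.21.81 port 51011 ssh2: RSA <constructed>
"""

def correlate(shell_log, sshd_log, window=5):
    """For each push, list source IPs of git logins in the `window` seconds before it."""
    results = []
    for m in PUSH_RE.finditer(shell_log):  # fetches (git-upload-pack) are skipped
        pushed = datetime.fromisoformat(m.group(1))
        ips = []
        for s in SSH_RE.finditer(sshd_log):
            # syslog timestamps carry no year; borrow it from the push entry
            login = datetime.strptime(f"{pushed.year} {s.group(1)}", "%Y %b %d %H:%M:%S")
            if timedelta(0) <= pushed - login <= timedelta(seconds=window):
                ips.append(s.group(2))
        results.append({"time": pushed, "repo": m.group(2), "key": m.group(3), "ips": ips})
    return results

if __name__ == "__main__":
    for r in correlate(SHELL_LOG, SSHD_LOG):
        print(r["time"], r["key"], r["repo"], r["ips"] or "no matching login")
```

More than one IP for a push means several SSH logins fell inside the window, so timestamp matching alone cannot attribute that push to a single address.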