how to audit the user access on groups and projects ?
how to audit the access log to source codes ?
etc.
First of all: If you need security: self-host!
For your questions: that depends on what you need your audit to find? We’ve just automated user creation (chef, a self-written script and GitLab’s User API - which lacks some features) and trust that means GitLab only allows people to see/modify what they should.
I guess there might be some links with some value in the fairly recent thread: