How to manage source codes in a security way?

how to audit the user access on groups and projects ?
how to audit the access log to source codes ?

First of all: If you need security: self-host!

For your questions: that depends on what you need your audit to find? We’ve just automated user creation (chef, a self-written script and GitLab’s User API - which lacks some features) and trust that means GitLab only allows people to see/modify what they should.

I guess there might be some links with some value in the fairly recent thread: