Each repository page includes an Activity tab which displays a sortable and paginated list of the most recent events within the repository. This offers better visibility along with the ability to audit events. Event types listed will vary according to your repository permission level. Additionally, MSR admins can enable auto-deletion of repository events as part of maintenance and cleanup.
In the following section, we will show you how to view and audit the list of events in a repository. We will also cover the event types associated with your permission level.
Admins can view a list of MSR events using the API, a feature that also shows a permission-based events list for each repository page on the web interface. To view the list of events within a repository, do the following:
Navigate to https://<msr-url>
and log in with your MSR credentials.
Select Repositories from the left navigation pane, and then
click on the name of the repository that you want to view. Note that you
will have to click on the repository name following the /
after
the specific namespace for your repository.
Select the Activity tab. You should see a paginated list of the
latest events based on your repository permission level. By default,
Activity shows the latest 10
events and excludes pull
events, which are only visible to repository and MSR admins.
The following table breaks down the data included in an event and uses
the highlighted Create Promotion Policy
event as an example.
Event detail | Description | Example |
---|---|---|
Label | Friendly name of the event. | Create Promotion Policy |
Repository | This will always be the repository in review following the
<user-or-org>/<repository_name> convention outlined in
Create a repository |
test-org/test-repo-1 |
Tag | Tag affected by the event, when applicable. | test-org/test-repo-1:latest where latest is the affected tag |
SHA | The digest value for ``CREATE` operations such as creating a new image tag or a promotion policy. | sha256:bbf09ba3 |
Type | Event type. Possible values are: CREATE , GET , UPDATE ,
DELETE , SEND , FAIL and SCAN . |
CREATE |
Initiated by | The actor responsible for the event. For user-initiated events, this
will reflect the user ID and link to that user’s profile. For image
events triggered by a policy – pruning, pull / push mirroring, or
promotion – this will reflect the relevant policy ID except for manual
promotions where it reflects PROMOTION MANUAL_P , and link to the
relevant policy page. Other event actors may not include a link. |
PROMOTION CA5E7822 |
Date and Time | When the event happened in your configured time zone. | 2018 9:59 PM |
Given the level of detail on each event, it should be easy for MSR and security admins to determine what events have taken place inside of MSR. For example, when an image which shouldn’t have been deleted ends up getting deleted, the security admin can determine when and who initiated the deletion.
For more details on different permission levels within MSR, see Authentication and authorization in MSR to understand the minimum level required to view the different repository events.
Repository event | Description | Minimum permission level |
---|---|---|
Push | Refers to Create Manifest and Update Tag events. Learn more
about pushing images. |
Authenticated users |
Scan | Requires security scanning to be set
up by a MSR admin.
Once enabled, this will display as a SCAN event type. |
Authenticated users |
Promotion | Refers to a Create Promotion Policy event which links to the
Promotions tab of the repository where you can edit
the existing promotions. See Promotion Policies for different ways to promote
an image. |
Repository admin |
Delete | Refers to “Delete Tag” events. Learn more about Delete images. | Authenticated users |
Pull | Refers to “Get Tag” events. Learn more about Pull an image. | Repository admin |
Mirror | Refers to Pull mirroring and Push mirroring events.
See Mirror images to another registry and
Mirror images from another registry for more details. |
Repository admin |
Create repo | Refers to Create Repository events. See
Create a repository for more details. |
Authenticated users |