Audit log
Every action recorded for SOC 2 + your peace of mind.
Every action that mutates state hits the audit log. That includes:
- Member invites, role changes, removals
- Repo connections / disconnections
- Scan kickoffs (manual + automated)
- Dismissals
- API token creation / rotation / revocation
- MCP calls
- Billing changes
Retention by plan: Free + Builder, 30 days; Pro, 1 year; Agency, 3 years.
Audit log entries are append-only: they cannot be edited or deleted by anyone, including owners. This is by design, and it is what auditors look for.
Export to CSV from /audit-log. Pro+ plans get a daily JSON export to S3 / R2 for long-term retention.