Pull audit logs
Tell us about your request
We would like to be able to see pull requests for every image within our Organization included in the Activity logs. We would like to see which account performed the pull and the IP address that the pull request originated from.
Which service(s) is this request for?
Docker Hub
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
Our Organization is Private. We would never expect a pull request to occur from outside of our known IP address ranges. If we start to see IP addresses performing pull requests outside of our known IP address ranges, this could be a warning of a compromised Personal Access Token, which we could resolve swiftly by revoking the token. At the moment we have no visibility of pull requests, which limits our visibility of potentially compromised tokens.
Are you currently working around the issue?
We have no workaround for this issue at the moment. A potential workaround could be to implement time limits on the Personal Access Token. If we could force our users to have a maximum lifespan for a PAT to be 6 months (or similar), this could reduce the risk.
Additional context
We have SSO enabled and enforced on our Organization, but the use of the PAT bypasses these controls. Once the Sentinel integration with Docker Hub is ready, we will look to leverage it, hopefully along with this new potential feature.
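The check the request describes (pulls from outside known IP ranges as a sign of a possibly compromised Personal Access Token) could look like the following. This is an added example, not part of the original issue or any Docker code: the JSON-lines event schema, field names, CIDR ranges and sample events are constructed assumptions, since the request states that pull events are not currently visible.

```python
import ipaddress
import json
from collections import defaultdict

# Assumed known egress ranges for the organization (documentation address blocks).
KNOWN_RANGES = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "2001:db8:10::/48")]

# Constructed sample events in a hypothetical JSON-lines schema; the request
# asks for this kind of data (account + source IP per pull) in Activity logs.
SAMPLE_EVENTS = """\
{"time": "2024-05-01T09:00:00Z", "action": "pull", "account": "ci-bot", "token_id": "pat-1", "repo": "acme/api", "ip": "192.0.2.17"}
{"time": "2024-05-01T09:05:00Z", "action": "pull", "account": "alice", "token_id": "pat-2", "repo": "acme/api", "ip": "203.0.113.50"}
{"time": "2024-05-01T09:06:00Z", "action": "pull", "account": "alice", "token_id": "pat-2", "repo": "acme/web", "ip": "::ffff:192.0.2.44"}
{"time": "2024-05-01T09:07:00Z", "action": "push", "account": "ci-bot", "token_id": "pat-1", "repo": "acme/api", "ip": "198.51.100.9"}
{"time": "2024-05-01T09:08:00Z", "action": "pull", "account": "bob", "token_id": "pat-3", "repo": "acme/db", "ip": "2001:db8:10:1::5"}
{"time": "2024-05-01T09:09:00Z", "action": "pull", "account": "alice", "token_id": "pat-2", "repo": "acme/db", "ip": "198.51.100.7"}
{"time": "2024-05-01T09:10:00Z", "action": "pull", "account": "bob", "token_id": "pat-3", "repo": "acme/db", "ip": "unknown"}
"""

def in_known_range(ip_text):
    """Return True/False for a parseable address, None if it cannot be parsed."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is compared with IPv4 ranges.
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return any(ip in net for net in KNOWN_RANGES if net.version == ip.version)

def suspicious_pulls(lines):
    """Group pull events not provably inside KNOWN_RANGES by (account, token_id)."""
    alerts = defaultdict(list)
    for line in filter(str.strip, lines.splitlines()):
        event = json.loads(line)
        if event.get("action") != "pull":
            continue  # only pulls are in scope for this check
        ip = event.get("ip", "")
        verdict = in_known_range(ip)
        if verdict is True:
            continue
        # Fail closed: an unparseable source address is reported, not ignored.
        reason = "unparseable source IP" if verdict is None else "outside known ranges"
        alerts[(event["account"], event["token_id"])].append((event["time"], event["repo"], ip, reason))
    return dict(alerts)

if __name__ == "__main__":
    for (account, token), hits in suspicious_pulls(SAMPLE_EVENTS).items():
        print(f"review token {token} ({account}):", *hits, sep="\n  ")
```

Grouping by token rather than by IP address puts the alert on the thing that would be revoked.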
Hi @agsonsmith! Great feedback, we're looking into this.
Hi @macmirchdocker Do you know if we have any updates on this? It's been a couple of years since this issue was raised.