Traceability Dashboard for Audit Events

Traceability in software engineering is the ability to trace work items across the development lifecycle. It's used as both a record-keeping mechanism and as a way to return to a specific "point in time" of the lifecycle of a software artifact and assess whether this particular point in time changed the artifact in a significant way. An obvious example might be realizing that once this software component was upgraded to version 2.1, a vulnerability may have been introduced. Another example might be that a dataset was changed at a particular time that changed the output of a model. Keeping track of what's happening with each component in the development lifecycle has been a cumbersome task in the past, requiring a developer to acquire vast amounts of log data and then sift through and piece together the information in a way that could be explained to a compliance officer. Today, we’ve just made that much easier to do.

JuliaHub is introducing a new feature to make it easy for admins to view, filter, sort, and download audit events. Audit event logging is specifically for compliance and JuliaHub automatically creates audit events to capture information during activities that might involve compliance or accountability, such as those concerned with privacy or changes to laboratory data. This mission-critical information can potentially be used in governmental audits or even in court cases.

The Traceability Dashboard provides a view that centers around types of “resources”: dataset, folder, package, notebook, registry, job, application, provider, coupon, and “none” (for events that have no resource, like “login” and “logout”).

For example, uploading a version of a dataset will create an audit event called “add_version”, with:

• the dataset’s name
• the user’s ID
• a message (like “Successfully added dataset version from user” or “Successfully added dataset version from direct upload”)
• the dataset’s uuid
• the dataset’s type
• the dataset’s tags
• the version ID

Here’s how you can browse the event information…

In the Admin menu, there is a new “Audit Events” entry.

When you click that, you’ll see the Audit Event page with tabs for each type of resource:

Here, you can inspect audit events by type. Many of the cells have a green triangle “filter button” that you can press to view only the events with that value. For example, you can filter by user:

Result

Filtering by date includes all events on the same day as that date:

Result

When you are filtering, you can download the filtered events:

To learn more about how this feature works, refer to the documentation page here.

Tell us what you think

The first version of this dashboard has been released as a beta version and we are looking for user feedback about how to grow our traceability dashboard feature.

As we continue to collect relevant information and metadata around events that affect each software artifact, our goal is to work with the community to understand how best users want to ingest this audit event information. 

Whether organizations want this data available as a part of a greater software bill of materials and compliance report, or individual teams want to use this early dashboard information for internal auditing, our goal is to build out this feature one step at a time with user feedback. We definitely want to tie this information to online diagnostics, but this first version of the feature has yet to include that kind of information.

Because of the nature of the information in this dashboard, it is currently only available on the Enterprise subscription of JuliaHub, and only admins for a particular JuliaHub instance can access the page. Please contact us today if you are interested in learning more about traceability and audit events on JuliaHub.