Introducing audit logs in SonarQube Cloud: Enhancing compliance and security

Blog post from Sonar

Post Details
Author: Andrew Osborne
Word Count: 593
Language: English
Summary

Sonar has announced the initial release of audit logs for SonarQube Cloud, aimed at enhancing security and compliance in the software development lifecycle (SDLC). These logs, available exclusively to SonarQube Cloud Enterprise plan customers, provide a chronological record of events that are crucial for security incident investigation, compliance with standards like GDPR and ISO 27001, and maintaining accountability. Accessible through a new API endpoint, the audit logs can be integrated with existing security information and event management tools, with enterprise admins granted exclusive access. The initial version allows querying by date range, focusing on core authentication and administrative Identity and Access Management (IAM) events, such as user logins, token creation, and permission changes, with plans to expand the scope of logged events. This feature is designed to reduce risk, ensure policy adherence, facilitate regulatory reporting, and create an immutable record of security decisions, providing traceability and control for the software development process.