Skip to main content
All CollectionsAutomationGearset APIGearset API usage and basics
Audit reports - downloadable reports about your Gearset team
Audit reports - downloadable reports about your Gearset team

Audit reports feature helps businesses using Gearset with their compliance. Download deployment and user access reports.

Mateusz Kochanowicz avatar
Written by Mateusz Kochanowicz
Updated over 5 months ago

License requirements: This feature is included in Automation Teams and Automation Enterprise plans.

In order to comply with SOX audit requests, Gearset customers need to get information about deployments, configuration changes, and user access such as permissions.

We're aware that Audit API doesn't always provide Gearset users with all the information they need for SOX compliance. And it doesn't make it easy to access or filter down the information auditors require.

That's where the Audit reports feature becomes really useful as it's been introduced to help you with those kinds challenges and make reporting easier.

What is SOX? A little context.

SOX compliance (derived from Sarbanes-Oxley Act) is an annual law obligation for public US companies to prove they have proper safeguarding and controls in place.

SOX ensures businesses are transparent and honest about their finances by requiring strong internal controls and regular independent audits. It also applies to foreign companies that are publicly traded in the US.

Where is this feature available in Gearset?

Audit reporting is available in the Reporting section (menu on the left) of My account settings:

Audit reports can now be generated from within the Gearset app. The second version of this feature allows you to:

  • Generate and download a CSV report for deployment history (going back up to 14 months from the current date)
    - This option allows you to email copies of the report to other people (or team members) than the created of the deployment report.
    - It also allows you to add comma separated list of usernames to include in the report, or to leave the section empty to include all deployments in the report.

  • Generate and download a CSV report for current user access.

Note: When you select Deployments option, the data range for your downloadable report is defaulted to the Last 30 days.

Why 'User access' option doesn't allow to select custom dates?

You may have noticed that User access option doesn't allow you to define any custom period, as opposed to the deployment report.

In case you wonder why, it's because user access report is a snapshot of the current access (permissions), so the date range doesn't apply in this scenario.

How to download a deployment report?

Click on the dropdown menu to choose a different (custom) date range before you select Create report - this automatically downloads your report.

On below example we've selected the report to be downloaded for period 4-11 May 2024. Dates highlighted in blue are defining the start and end of the selected period. Once selected, choose Apply.

The report will be downloaded as a .zip file within which you'll find your CSV reports.

What information does a deployment report contain?

Below table describes all the information that you'll find on your deployment report.

Deployment report breaks down into below columns

Information provided in each column

deployment_id

includes deployment ID, e.g. ac393f0d-3e1d-4f23-bec3-15f2f3a9852c

status

Informs if the deployment was successful or partially successful*

*Partially successful deployment may happen when metadata was deployed to the target, but config data (e.g. CPQ) or Vlocity failed to be deployed.

Important to note: reports won't reference failed deployments. It's because Audit API reports on successful events.

name

name of the deployment

owner

name of the team member who made the deployment

triggered_by

Currently, this will almost always be the CI job owner's username. If a user triggers a job run interactively by clicking the play button in the CI dashboard, the value will be that user's username instead.

date

states date and time of the deployment

friendly_name

deployment name entered in Gearset

source_username

user who made the deployment

source_type

source environment of the deployment

target_username

target environment of the deployment

target_type

target environment type, e.g. Production, Developer (orgs), GitHubBranch, or AzureDevOpsGitBranch

deployment_type

Additional info on whether the deployment was for example: Standard (made via Compare and deploy), ContinuousIntegration or Rollback

salesforce_final_deployment_id

Deployment ID as shown in a Salesforce org, e.g. 0AfJ70000012Gm5

pipeline_name

Name of user-owned and/or team-shared Pipelines added by you or members of your team

ci_job_name

Custom name(s) of CI job(s) - these names are imported from CI dashboard's Job name section

What information does a User access report contain?

The downloadable zip report breaks down into two separate CSVs.

In the users.csv file you'll find information, such as:

User access report breaks down into below columns

Information provided in each column

username

username used to create Gearset account

team_role

states user's role in a team, e.g. Owner or Member

email

email address associated with user account

created_at

states date and time of when the account was created

last_login_on

Note: this information will only be shown on the report if you're on Automation Enterprise tier.

date and time of user's last login into Gearset

While the org_delegations.csv file will include below information:

User access report breaks down into below columns

Information provided in each column

org_username

username assigned to the connected org

org_friendly_name

custom name given in Gearset to an org connection

org_domain

domain address of the connected org

org type

type of connected org, eg. Production or Developer

entitlement_level

access level to an org given to a user, e.g. Deployment, Validation or Comparison.

delegated_to_user

username(s) of team member(s) to whom

the org access is currently delegated

Summary

Reporting and auditing is really critical to many organisations who use Gearset and it's an area we're focusing on to ensure the right information can be made available in the right format.

If you have any feedback on how we can improve the audit reports, or if you'd like to see other types of information on those reports - let us know in the in-app chat!

Did this answer your question?