GitLedger
OverviewCompliancePolicyAuditSIEMOnboarding

SIEM Forwarding

Real-time supply-chain alerts

Forward StakeLocked, ReviewSlashed, and PolicyViolation events to your SIEM. Out-of-the-box integrations for Splunk, Datadog, Vanta, Drata, Secureframe.

SSplunk
DDatadog
VVanta
DDrata
SSecureframe
Custom
stake.locked

Fires when a reviewer locks USDC on PR approval. Use for spend tracking + audit.

review.slashed

Fires when Chainlink detects a hotfix targeting reviewed code. Page on-call.

policy.violation

Fires when a PR ships without satisfying CompliancePolicy.sol. Block merge.

Configured forwarders

HMAC-SHA256 signed · retried 5x with exponential backoff

Sample payload

POST · application/json
{
  "event": "review.slashed",
  "orgSlug": "acme-protocol",
  "occurredAt": "2026-05-25T08:14:02Z",
  "repoSlug": "acme-protocol/core",
  "prId": 4821,
  "pathPattern": "contracts/**",
  "reviewer": {
    "basename": "lead.acme.base.eth",
    "address": "0x4c2a...5a4b"
  },
  "amountUsdc": 500000000,
  "attestationUid": "0xab12cd34ef56a789b890c012d345e678",
  "signature": "hmac-sha256=ab12cd34..."
}

Verify with: HMAC_SHA256(body, SIEM_SECRET) and compare to X-GitLedger-Signature.