All posts
October 12, 20251 min read

Tracking Code Changes and Access After Git Reset

The commit history told the story. But it didn’t tell you who touched the code, what they changed, or when it happened in detail. When a repo goes wrong, you reach for git reset. The problem: reset changes your branch state, but it can obscure who accessed what and when. If you need a forensic trail, you have to dig deeper. git reset is a powerful command that moves your current HEAD to a specific commit. It can be --soft, leaving files staged; --mixed, unstaging changes; or --hard, wiping out

Free White Paper

Infrastructure as Code Security Scanning + Git Commit Signing (GPG, SSH): The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Andrios Robert

The commit history told the story. But it didn’t tell you who touched the code, what they changed, or when it happened in detail. When a repo goes wrong, you reach for git reset. The problem: reset changes your branch state, but it can obscure who accessed what and when. If you need a forensic trail, you have to dig deeper.

git reset is a powerful command that moves your current HEAD to a specific commit. It can be --soft, leaving files staged; --mixed, unstaging changes; or --hard, wiping out tracked file changes. Each type affects the visible history differently. When you reset, Git loses the commit references you just moved past—unless you’ve got reflog.

Reflog is your tracking ledger. git reflog logs all movements of HEAD, including resets, rebases, and merges. It lets you see who executed each action, complete with timestamps. Combined with git show and git log --author, you can map who made the commits, what they contained, and when they were authored versus accessed.

Continue reading? Get the full guide.

Infrastructure as Code Security Scanning + Git Commit Signing (GPG, SSH): Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

In shared repositories, server-side logs are critical. Git itself does not track “access” in the sense of file reads—it tracks changes. To connect “access” to “change,” you need audit logs from your Git hosting platform (GitHub, GitLab, Bitbucket). These logs tie user accounts to push, fetch, and merge events. Coordinating Git command history (via reflog) with platform logs gives you a clear chain of custody.

Steps to track who accessed what and when after a git reset:

  1. Run git reflog to see all branch movements, even after resets.
  2. Identify commit hashes and match them with git show <hash> for authorship.
  3. Check hosting service audit logs for access and push events.
  4. If necessary, restore lost commits using git checkout <hash> or git cherry-pick.

This approach ensures a reset doesn’t erase the record you need. It lets you rollback code without losing sight of accountability.

Want this level of visibility baked in without wrangling multiple tools? See it live with hoop.dev—set up in minutes and get instant access trails, commit context, and reset-proof history.

Get started

See hoop.dev in action

One gateway for every database, container, and AI agent. Deploy in minutes.

Get a demoMore posts