►
From YouTube: CNCF Live Webinar: Cloud native DevOps security
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
And
let
me
give
y'all
a
little
intro
and
off
we'll
go.
Thank
you.
Everyone
for
joining
us.
Welcome
to
today's
cncf
live
webinar
cloud
native
devops
security,
I'm
libby,
schultz
and
I'll
be
moderating.
Today's
webinar
I'm
going
to
read
our
code
of
conduct
and
then
hand
it
over
to
sebastian
straub
and
simon
milot
solutions:
architects,
with
prismacloud
by
palo
alto
networks,
a
few
housekeeping
items
before
we
get
started
during
the
webinar
you're,
not
able
to
speak
as
an
attendee.
There's
a
q,
a
box
at
the
bottom
of
your
screen.
Please
feel
free!
A
A
Please
do
not
add
anything
to
the
chat
or
questions
that
would
be
in
violation
of
that
code
of
conduct
and
please
be
respectful
of
all
of
your
fellow
participants
and
our
presenters.
Please
also
note
that
the
recording
slides
will
be
posted
later
today
to
the
cncf
online
programs
page
at
community.cncf.io.
A
B
Thank
you
libby
for
your
introduction.
Thank
you,
everyone
for
joining
our
webinar
today.
My
name
is
sebastian
straube
and
I'm
the
cloud
solutions
architect
in
palo
alto
networks.
Here,
I'm
sitting
in
zurich,
switzerland-
and
I
also
want
to
introduce
you
seaman,
milot
he's
also
cloud
susan's,
architect,
hello,
siemen,.
C
Hey
hello
sebastian
here,
thank
you,
libby
for
the
introduction,
and
indeed
I'm
a
cloud
solution
architect
at
palo
alto
network,
so
basically
mainly
focusing
on
christmas
cloud
product
and
yeah.
I'm
happy
to
be
here.
I
prepare
like
a
nice
demo
and
I
will
be
jumping
into
the
demo
after
the
presentation
of
server
10..
So.
B
Thank
you
siemen,
so
I'm
super
happy
seaman
joined
today
he's
our
demo
god,
so
we
all
pray
to
him.
So
all
good.
So,
let's
quickly
start
with
our
presentation.
I
prepared
a
couple
of
slides
for
us
today
here
to
grasp
a
little
bit
around
what
checkoff
is
and
why
check
off
has
something
to
do
with
cloud
native,
devops
security.
B
B
B
B
It's
chekov
is
an
open
source
statistic
analysis
tool,
so
it
enables
us
to
scan
infrastructure
as
code
in
a
methodology
that
is
called
policy
is
code
in
which
you
can
actually
then
automatically
scan
code
and
and
introduce
this
as
scan
code
into
and
visibility
in
which
we
see
vulnerabilities
compliance
problems
and
best
practice
problems
in
our
infrastructures.
Code
templates
in
check
up,
we
pre-built
hundreds
of
policies
over
our
compliance
and
best
practices
across
all
the
public
cloud
provider.
B
In
the
moment
on
the
market,
the
natively
supporting,
as
I
said
before,
also
kubernetes
manifest,
but
also
terraform
cloud
formation,
the
arm
and
others,
and
also
what
I
want
to
highlight
here,
is
that
checkoff
is
written
in
bison.
So
it's
fully
extensible.
If
you
want
to
use
the
source
code
and
want
to
extend
some
functions
if
you're
a
python
pro,
you
actually
absolutely
are
in
the
way
to
do
so.
B
B
If
you
want
to
check
out,
you
can
go
to
this
url
and
can
check
the
code,
but
I
just
want
to
give
you
a
couple
of
more
contacts
around
this
product
when
you
have
checked
your
software
development
life
cycle-
and
you
know,
you
need
to
check
every
corner
of
your
code
and
of
your
infrastructure's
code
templates,
etc.
So
our
our
approach
here
is
that
we
actually
try
to
to
find
this
vulnerabilities
and
compliance
issues.
B
We
want
to
fix
them,
so
we
can
fix
them
directly
in
the
either
like,
for
example,
visual
studio
code.
We
have
plugins
for
all
the
major
development
environments
in
the
market,
and
we
also
won't
want
to
prevent
that.
These
problems
are
going
into
production
environments,
but
we
can
also
fix
problems
inside
production
environments,
so
we
can
fix
problems
also
at
build
time.
So
that
means
we
can
integrate
our
scans
into
the
build
time
and
into
the
time
so
in
production,
in
in
running
environments
and
in
our
csd
pipeline.
B
As
we
said
before,
it's
an
open
source
product
and
we
also,
for
example,
can
merge,
pull
requests
and
we
can
detect
and
transform
mis
configurations.
That's
a
very
important
point
and
also
we
enforce
our
policies
in
your
workflow.
So
how
does
it
work?
Actually?
The
this
is
the
challenge
actually
with
with
our
code,
because
today
we
have
the
topic
shift
left.
B
Without
creating
you
know,
tickets,
jira,
pager,
duty
or
service
now,
and
then
actually
need
to
come
back
into
the
build
process,
change
and
then
deploy
again.
So
you
want
to
fix
a
problem
in
the
beginning
and
how?
How
do
we
handle
this?
So
it's
handy
list
like
like
pros
and
we
want
to
show
you
how
this
works.
B
So
what
we
do
is
actually,
when
we,
when
we
do
some
code,
combat,
we
want
to
fix
and
prevent
in
in
the
development
environment
and
per
request
and
build
bid
blocks
that
some
vulnerabilities
are
going
into
the
test
environment,
for
example,
and
then
also
in
the
deployment
operation
state.
We
monitor
and
we
can
remediate
in
in
this
stage
and
what
we
also
do
before
we
actually
commit
this
code.
B
We
scan
these
infrastructure
templates
and
also
make
sure
that
this
configuration
meets
the
requirements
of
your
of
your
department
and
what
you
also
do
is
we.
We
then
show
some
compliance
reports,
policy
engines
and
show
also
some
notifications
around
this
topic.
So
we
can
integrate
in
your
host
csd
pipeline
in
your
workflow
that
you
work
every
day
and
we
make
it
easy
for
you
to
integrate
and
scan
this
whole
different
repositories
and
templates
this.
What
do
we
integrate?
B
B
So
so
this
is
absolutely
a
great
starting
point
for
you.
What's
the
benefit
very
quickly,
so
actually
over
time,
when
you
using
this
kind
of
methodology
in
in
the
checkoff
tool,
you
lower
the
remediation
time.
This
is
really
interesting
because
at
the
end,
you
don't
want
to
fix
the
problems
in
production
rise,
and
then
you
want
to
decrease
the
high
severity
events.
That
means
that
we
find
vulnerability
problems
inside
the
app
and
reduce
the
attack
surface
from
the
beginning.
B
We
simplify
the
compliance
by
checking
compliance
inside
the
template
already
and
then
by
at
the
end.
What
we
do
is
with
all
this
combined
together,
we
are
minimizing
the
attack
surface.
So
what
are
actually
the
requirements
when
we
look
at
how
to
achieve
these
benefits
and
these
requirements
are
that
we
need?
Actually,
these
infrastructure
is
code
security,
a
tool
where
we
implement
some
guard
rates.
B
We
need
drift
detection.
Drift
detection
means
that
we
automate
the
deployment
of
the
of
the
code
with
the
template,
we're
checking
the
template
before
deploying
and
then
when
we
change
something
something
inside
the
clouds.
Some
resources
are
changed
inside
the
cloud
we
detect
this
change
and
then
the
the
notify
on
this
change
and
also
scan
scan
this
change
then,
for
example,
what
you
also
need
to
implement
is
in
secret
scanning,
so
we
want
to
make
sure
that
we
don't
deploy
or
commit
secrets
into
our
production
stage
or
into
other
stages.
B
That's
something
we
really
want
to
avoid
and
then
for
sure,
what's
very
important
is
the
least
privilege
in
identity
access
management.
So
that
means
you
don't
want
to
over
privileged
some
user
that
have
access
to
environments.
So
we
also
check
this
one.
So
one
thing
I
wanted
to
show
you
is
the
box
ticker.
So
checkoff
is
an
upstream
tool,
so
there's
also
a
downstream
tool
for
enterprise
environments,
and
maybe
later
you
can
check
out
what
kind
of
functionality
you
need.
B
B
So
we
emphasize
here
for
for
customers
that
they
actually
introducing
some
kind
of
cloud
native
application
platform
approach,
and
these
cnep
enables
iot
leader
actually
to
laser
focus
on
shift
left
so
bringing
or
removing
the
problems
out
of
the
production
environment.
Bringing
solving
the
problems
inside
the
development
lifecycle
then
also
optimizing
the
deployment
time
and
integrating
security
in
the
devops
processes,
reducing
the
application,
downtime
for
break
fix
procedures,
reducing
security
alerts
and
false
positives
and
stocks
also
very
important,
because
it
takes
a
lot
of
money
and
time
to
solve
them
in
production
environments.
B
C
C
If
you
want
to
scan
a
specific
file,
you
can
just
minus
f
docker
file
from
apple.
It
will
scan
a
docker
file,
and
here
on
the
on
the
right
side
of
the
screen,
you
can
see
like
the
fact
that
I
have
scanned
a
directory
which
contains
a
couple
of
like
terraform
templates
whatsoever,
but
that's
the
output.
You
will
get
with
the
cli.
C
So
if
you
want
to
do
this,
you
you
have
the
the
command
line,
which
is
here
it's
minus
d
like
directory,
and
you
have
to
specify
the
territory
here
is
like
the
current
one
and
of
course
there
is
sometimes
like
a
policy
that
could
be
like
not
very
interesting
for
you
in
your
situation,
so
it's
cool
for
what
we
could
call
like
a
false
positive.
For
example,
you
want
to
publish
an
aws
spree
bucket
on
internet
and
yeah.
C
I
hope
it's
big
enough
for
you
guys,
or
maybe
I
can
zoom
it
a
bit
so
and
this
I
have
like
a
python
application
with
like
a
requirement
stay
here
and
I
have
a
docker
fry.
So,
for
example,
if
I
do
like
check
off
minus
f
docker
file,
the
command
that
we
just
saw
in
the
slide,
it
will
scan
the
docker
file
and
will
give
you
like
some
kind
of
recommendation.
C
So,
for
example,
here
you
have
the
ckv
this
policy
from
chekov,
which
is
ensure
that
that
the
user
for
the
container
has
been
created.
If
it's
not
the
case,
because
here
it
was
not
the
case,
but
then
that
means
you
need
to
to
do
some
extra
to
add
the
inside
your
docker
file,
for
example,
or
to,
for
example,
this
one
other
than
check.
For
example.
What
I
could
do
is
like
skip
check
and
just
to
make
it
correct.
So
let's
do
like
that
and
then
comma
security,
doppler,
2
and
yeah.
C
There
was
also
like
a
command
which
is
like
check
off
minus
l
that
will
list
all
the
policy
that
we
have
and,
for
example,
here
you
can
see
that,
for
example,
with
this
kind
of
checkoff
policy
will
check
all
the
aws
access
keys.
So,
for
example,
if
we
find
inside
the
file
aws
access
key,
it
will
create
an
alert
and,
for
example,
it
could
block
the
pipeline
and
and
this
kind
of
stuff.
C
So
you
could
really
try
to
limit
the
fact
that
the
access
keys
is
published
publicly
or
this
kind
of
stuff.
That's
a
bit
the
id
then-
and
I
think
I
don't
know
if
I
do
something
like
that-
I
get.
I
think
we
have
had
it
like
last
week
or
like
something
about
look
for
g
for
j
yeah.
That
was
a
miscreation
exclamation
mark
here.
Where
is
my
pipe.
C
I
in
this
principle
so
but
here
we
have
like
a
docker
file,
but,
for
example,
I
had
also
in
my
repository
some
kubernetes
definition
like
this
one
was
to
deploy
the
python
application.
I'll
just
show
you
and,
for
example,
you
should
minimize
admission
of
root,
containers
and
and
stuff
like
that,
so
we
and
of
course,
each
time
you
have
like
some
recommendation
that
you
have
here
and
and
the
guide
also
to
help
you.
C
C
Definition
to
deploy
this
application
and
to
make
sure
that
han
has
none
root
should
be
equal
to
true
for
number
this
kind
of
stuff,
and
then
it's
like
much
easier
to
to
fix
your
your
your
different
configuration
files,
all
right,
so
that's
about
like
check
off
in
itself,
so
the
policies
and
so
on,
and
I
remember
if
you
want
to
test
it.
It's
like
like
open
source
of
course,
and
if
you
want
to
test
it,
is
like
as
simple
as
this
set
of
commands.
C
Then,
if
you
want
to
integrate
this
in
a
ci
cd
pipeline,
there
is
already
maybe
first
step
is
install.
The
checkoff
extension
into
vs
code
or
intellij
do
is,
and
then
I
will
show
you
in
this
demo
like
a
an
azure
devops
pipeline,
where
I
do
a
validation,
so
I
will
scan
first,
the
external
module
of
that
I'm
using
in
a
terraform
template.
C
Then
I
will
scan
the
terraform
template
itself,
which
is
deploying
a
communities
cluster
and
virtual
machine
on
azure,
and
then
the
I
will
publish
the
report
in
a
g-unit
format
inside
azure
devops,
when
I
do
that,
I
can
do
the
same
kind
of
inside
the
asia
devops.
This
cli
output,
but
with
the
g-unit,
is
much
like,
cleaner
and
easy
to
browse.
If
not,
everybody
is
like
technical
to
go
in
the
in
a
different
step
of
azure
devops
pipeline.
C
Then
it's
like
better
published
and
I
will
show
you
that
also
then
we
have
like
the
second
stage
of
the
the
pipeline
will
be
a
plan
and
then
there
we
will
do
a
terraform
plan
command
and
we
will
output
the
format
into
like
a
main.json
like
a
json
file
and
then
with
chekov.
We
will
verify
the
plan
than
json.
So
that's
the
idea
is
that
you
can
have
like
different
here.
C
I
do
it
everything
in
once,
but
the
idea
is
that
you
can
have
a
different
pipeline
that
generate
a
json
file
and
then
the
json
is
sent
to
a
different
pipeline
and
stuff
like
that.
And
then
I
have
a
stage
which
is
like
yeah
approve
the
change
or
I
don't
approve,
and
then
we
applied
the
configuration.
So
we
do
terraform
apply
and
it
executes
the
terraform
template
against
azure
and
it
creates
like
the
communities,
cluster,
the
content
registry
and
the
virtual
machine
that
we
need
and
in
bonus.
C
But
I'm
not
sure
we
have
the
time
we'll
see
how
it
goes.
The
demo
and
sebastian
put
enough
pressure
on
me
or
as
a
god
of
demo,
but
we'll
see
how
it
goes,
but
that's
the
idea
then.
I
have
also
some
example
in
regards
of
the
github
action
so
yeah,
but
basically
can
everywhere
you
can
run
a
python.
You
can
run
chekov,
that's
the
id,
so
that
means
you
can
integrate
more
or
less
everywhere
that
you
want
it's
just
that,
for
example,
github
action.
We
have
like
a
super
easy
integration.
C
C
Let
me
zoom
in
a
bit,
so
I
have
my
azure
pipeline,
we'll
go
through
it
like
in
the
second
phase,
and
then
I
have
like
a
here
and
a
case
of
file
that
I'm
using,
which
is
to
deploy
the
azure
community
services
on
azure,
and
here
I
have
also
the
module.tf,
which
is
using
an
external
module
and
I
will
scan
the
external
module
with
check
off.
So,
for
example,
here,
if
I
do
like
like
we
did
before
check
off
minus
d
current
directory,
it
will
scan
the
directory
and
give
you
the.
C
C
I
will
show
you
that
later
and
we
have
to
check
that
has
passed
so
if
we
go
through
them,
for
example,
we'll
see
that
on
the
access
file
there
is
some
ensure
that
aks
enable
private
cluster
and
I
will
go
back.
I
will
go
to
the
to
the
base
code,
and
here
I
have
the
extension,
which
is
a
checkoff.
So
let
me
grab
it
for
you.
C
C
Maybe
I
can
zoom
it
a
bit
yeah,
that's
better,
and
here
what
you
have
is
basically,
when
you
receive,
I
will
change
some
configuration.
I
will
hit
a
save
button
and
you
see
that
checkoff
is
running
already
to
scan
the
different
resources
of
this
file.
So
now
you
see
that
here
I'm
creating
a
container
registry
here,
I'm
creating
a
humanities.
Cluster
is
your
community's
cluster,
and
here
I
do
the
whole
assignment
for
the
to
give
the
permission
of
communities
cluster
to
pull
container
images
from
the
container
registry.
C
Of
course,
and
here
you
can
see
that
this
one
is
in
red
and
that
means
check
off,
discover
some
misconfiguration
there
and,
for
example,
here
we
can
see
that
ensure
that
aks
enable
private
cluster
what
we
just
saw
in
the
cli.
So
it's
exactly
the
same.
It's
exactly
the
same
output
that
we
see
once
you've.
You
see
that
then
you,
you
have
a
button
which
is
here
which
is
quick
fixed.
What
you
can
do
there
is
either
you
apply.
C
A
skip
you
generate
a
skip
command
to
evolve
to
to
mention
is
the
fact
that
it's
like
a
false
positive,
for
example,
and
or
for
what.
What
we
could
do
is
also,
for
example,
ensure
that
aks
eks
as
an
api
server
authorized
range
ip,
and
here,
if
I
go
to
the
quick
fix
for
that
one,
I
don't
have
something
like
apply
fix,
which
is
out
of
the
box
from
the
vs
code
extension.
It
will
provide
me
like
a
suggestion
so
and
I
can
only
generate
a
skip
comment,
but
I
don't
want
that.
C
I
I
want
to
fix
that
issue
because
I
want
to.
I
have
a
range
ip
that
I
want
and
I
want
to
allow
only
this
higher
range
ip
to
access
my
communities
cluster.
So
what
you
should
do
is
you
click
on
the
link
and
once
you
are
here,
you
see
that
you
should
just
add
this
this
wrench.
So
let's
do
something
like
that.
C
Let's
copy
the
piece
that
rule
or
we
put
it
in
front
of
the
tag-
and
here
we
have
something
and
let's
say
that
my
ip
is
a
public
ip,
so
117
82
something
and
slash
24.,
let's,
let's
save
and
again
check
off
his
running.
So
this
this
check
should
be
like
okay,
now,
okay,
so
we
just
have
seen
that.
Okay,
let
me
remove
it
again
up.
I
will
save
it
again
and
once
it's
done,
I
will
show
you
also
another
way
to
do
it.
So
here
we
have
the
the
check
off.
C
C
Just
by
doing
this,
quick
fix
generate
and
skip
comments.
Yeah!
That's
let
me
grab
this
one,
and
I
will
add
this
one
up
like
this
all
right
and
I
will
generate
the
other
command
just
to
make
sure
that
it
goes
okay
and
then
I
will
push
the
change
into
the
pipeline
and
I
will
see
how
it
goes
over
there.
C
You
have
to
use
this
in
this
syntax,
which
is
like
a
check
off
and
then
skip
equal,
the
checkoff
id,
and
that
you
have
it
of
course
everywhere
like,
for
example,
this
is
the
checkoff
id
and
then
basically,
you
just
add
like
a
double
point,
and
then
you
put
whatever
command
you
want,
for
it
could
be
like
anything
so
and
for
example,
I
will
azure
policy
either
on
or
not.
That
was
not.
C
Okay,
I
have
to
generate
so
now
check
if
it's
running
again
for
the
the
last
comment
and
I
lost
like
windows
v
somewhere
yeah,
I
do
okay,
so
I
have
this.
Addon
perfect
is
twice
so
I
can
remove
this
one
so,
and
this
is
what
chekhov
does
it's
really
giving
you
like
recommendation
on
the
on
the
developer
seat?
What
you
should
do
to
improve
your
your
code
before
pushing
it
in
production,
so
now
check
off
his
running
and
we
will
see
how
it
goes.
C
If
we
have
a
green
mark,
that
means
chekhov
does
not
have
any
recommendation
anymore.
Then
we
can
push
the
change
to
the
pipeline
and
in
regards
of
the
pipeline,
what
we
do
here-
and
I
will
come
back
to
that
so
we'll
trigger
the
pipeline-
and
this
is
for
azure
devops,
of
course,
but
we'll
trigger
the
pipeline
on
the
master
branch
and
then
yeah.
We
are
using
ubuntu.
So
we
will
install
check
off
by
doing
by
doing
this
command
peeping
soul
check
off.
C
Then
we
will
in
initialize
the
terraform
and
we'll
give
like
a
couple
of
information
regard
of
the
backend.
So
the
backend
is
safe
on
the
azure
site
and
then
we
will
validate
the
configuration
of
the
terraform
and
then
we'll
check
here
with
check
off
the
current
directory
or
the
the
set
module.
So
we'll
we'll
skip.
C
And
then
we
publish
also
those
results,
and
then
we
have
the
plan
and
the
plan
is
also
has
to
initialize,
because
it's
like
a
different
virtual
machine,
a
different
stage.
So
we
have
to
install
again
the
checkoff.
Then
we
have
to
initialize
the
terraform
template
and
then
we
have
to
execute
the
plan.
And
here
in
the
plan
you
can
see
that
now
we
are,
we
will
show
the
plan
and
we'll
output
inside
a
main.json.
C
That
will
be
scanned
with
the
checkoff
dash
f
command,
and
then
we
will
also
output
that
comma,
that
that
command
yeah
the
output
will
in
g
we
need
xml
as
well,
and
then
we
will
send
the
output
in
that
specific
file
and
then,
of
course,
here
we
have
all
the
parameters
to
go
against
the
azure
environment
that
we
have,
and
here
we
have
the
publish
test
results.
So
we
will.
C
We
will
publish
the
checkoff
plan
report
that
you
can
see
here
all
right
and
then
we
have
the
approved
stage
and
we
have
the
apply
the
apply
again.
We
have
to
initialize
and
then
just
execute
the
terraform
apply.
Auto
approve
command
all
right,
so
I
think
that
would
be
it
in
regard
of
the
explanation
and
then
let
me
first
check.
C
C
Add
a
specific
port
for
a
specific
range,
so
what
I
will
do-
and
here
it
is
this-
is
the
model.tf.
I
will
just
deny
this
action.
Not.
I
don't
want
to
allow
ssh
from
directly
from
all
the
internet
to
my
to
my
virtual
machine.
So
let's
do
a
check
of
minus
d.
Again,
it's
checking
everything,
and
so
we
have
like
no
skip
check
one,
but
we
don't
have
any
fake
checks.
So
now
I'm
safe
to
push.
So
I
will
push
the.
C
Okay-
let's
push
it
like
that
now
that
should
have
triggered
like
a
pipeline
on
azure
devops,
and
this
is
my
pipeline,
which
is
out
not
failing
yet
yeah.
This
is
the
one
so
it's
running
here
and
it
will
go
through
the
different
stage
I
just
explained.
So
we
have
the
validate
the
plan,
the
wait
for
approval
and
the
apply
so
job
was
expanding.
C
C
C
C
C
C
C
C
Yeah
well
yeah,
for
the
time
being.
Let
me
go
back
to
that,
because
I'm
not
sure
to
understand
why
the
mistake
was
on
the
field
and
appropriate
for
your
setup
yeah.
I
think
it's
like
yeah
and
it's
like
an
array
so
yeah
we
might
instead
of
of
this
okay,
but
anyway
we
we
can
fix
it
later,
I'm
sure
so
here
we
have
the
validate
option
and
yeah.
C
So,
for
example,
here
I
have
the
cave
this
one,
which
is
failing
so
and
here
I
can
go
when
I
go
to
this
fire.
I
will
go
to
that
website
and
see
what
is
the
recommendation
from
youtube?
And
here
basically
they
just
said
that
I
should
enable
this.
I
I
thought
I
have
done
it,
but
let's
go
back
here
and
add
on
profile,
oms
azure
policy
yeah.
I
should
basically
add
just
this
here.
C
C
C
A
C
Always
a
bit
painful
to
wait
for
the
older
that
to
be
applied,
but
yeah.
That's
the
live
demo
right.
We
need
to
to
be
a
bit
patient,
and
so
now
the
the
different
steps
are
successful.
I
know
I
will
go
to
the
plan
and
like,
like
I
mentioned
before
in
inside
the
pipeline
in
the
plan,
so
we
will
generate
here
the
terraform
plan.
C
Which
is
kinda
yeah,
which
is
which
could
be
interesting
as
well,
is
that
you
have
like
some
like
a
lot
of
affirmation
here
in
the
test
plan.
When
you
go
to
the
once.
I
think
and
I
will
open
it
in
different
tab,
and
I
will
show
you
that
just
right
after
but
oh,
I
can
show
you,
and
that
was
the
one
yeah.
We
don't
have
anything.
C
C
C
So
you
can
also
go
there
and
create
some
customer
policies
if
you
want
to,
and
otherwise
just
to
show
you
like
a
couple
of
lines,
how
to
do
the
integration
with
with
github
action
and
here,
if
my
telephone,
basically
that's
how
you
should
do
so,
you
should
set
up
python3.hey
and
then
you
can
with
the
checkoff
action.
You
can
just
pass
a
couple
of
parameters
that
you
want,
and
here
you
have
the
different
options
that
we
have
seen
into
the
cli.
You
have
them
also.
C
C
C
If
you
don't
want
to
skip
some
check
and
you
can
use
white
cards
here
right,
so
you
can,
for
example,
if
you
don't
want
to
scan
to
check
anything
which
is
aws,
you
can
do
ctv
underscore
aws
star
and
to
escape
all
that,
then
you
have
the
quiet
option.
You
have
the
surf
face.
So,
for
example,
if
you
want
to
make
sure
that
the
pipeline
goes
all
goes
okay,
even
if
you
have
like
fade
check,
then
you
just
set
it
through
and
it
will
it
it
will
allow.
C
C
Sure
I'm
almost
done-
and
here
we
have
like
also
this
kind
of
report
that
you
have,
which
are
a
bit
less
sexy
than
the
azure
devops.
So
that's
why
I
spend
most
of
my
time
on
azure
devops
but
yeah.
Basically,
that's
all.
I
wanted
to
show
you
and
if
I
come
back
here
on
the
checkoff
here,
I
have
the
branch
and
here
you
have
the
test,
and
this
is
what
I
wanted
to
show
you
today
so
yeah.
C
B
B
I
answered
them
by
using
you
know,
using
the
open
source,
poi
requests
to
create
new
content
and
also
it's
managed
by
the
product
management.
So
when
we
see
new
vulnerabilities
coming
up,
then
we
integrate
them
into
the
latest
version
and
yeah,
maybe
siemen.
When
you
know
from
your
perspective,
when
we
look
at
the
demo-
and
you
know
what
we
can
achieve
with
great
results
here,
including
them
in
the
csd
pipeline.
What
is
the
best
starting
point
that
you
see
for
some
someone
who's
new
to
chekov?
C
If,
if
you
have
a
telephone
template
the
idea
behind
it,
is
to
reuse
it
and
reuse
it.
And
then
you
might
end
up
with
a
lot
of
ticket,
because
if
you
need
to
fix,
if
you
discover
that
you
have
like
a
misconfiguration
inside
a
terraform
template
that
you
have
been
using,
I
don't
know
for
like
100
times.
Then
you
have
to
to
fix
like
a
100
production
issue,
and
that
could
be
like
a
lot
of
issues.
So
that's
a
bit
yeah!
B
Okay,
thank
you.
We
have
one
question
one
new
question
from
lorenzo
he's
asking
how
the
british
group
pricing
plan
works.
We
are
actually
counting
in
the
pricing
plan
the
number
of
code
blocks
and
we
have
something
that
is
called
credits.
So
we
you
buy
licenses
through
credits
and
then
we
count
the
code
blocks
against
the
number
of
credits
and,
for
example,
50
resources
would
divide
50
by
3,
and
then
you
have
the
number
of
credits
we
are
using.
B
C
So,
for
example,
here
in
my
terraform
procurement
is
cluster.
We
have
a
container
registry,
we
have
a
azure
communities
cluster
and
here
we
have
a
whole
assignment.
That
would
be
like
three
resources.
That
would
count
as
like
one
credit
in
term
of
christmas
load,
but
checkoff
is
free.
I
mean
it's
free
to
use
this
open
source,
so
you
can
use
chekov
without
the
virtual
program
platform
exactly.
B
Okay,
cool,
so
then,
from
my
point
of
view,
it's
thank
you
very
much
for
your
attention
and
for
joining
our
webinar
today.
I
would
like
to
close
the
webinars
a
couple
of
minutes,
giving
you
back
and
simone.
Thank
you
very
much
for
being
the
god
today
and
yeah
enjoying
enjoy
your
day
enjoy
your
evening.
Thank.