►
From YouTube: Mar 7, 2023 - Ortelius General Community Meeting
Description
Topics for this discussion included accepted talks for the Ortelius Team at CDCon as well as meetups. Steve Taylor also introduced Ortelius defined to the hosted DeployHub Team for everyone to begin reviewing and testing.
A
B
So
welcome
everybody
to
the
artillery
general
meeting.
March
7th
I
don't
have
up
the
dock,
but
I
have.
C
C
Okay,
so
as
a
follow-up
to
last
week's
Community
call,
I
had
I'll
just
put
Outreach
summary
I
had
put
out
a
a
request
for
help
on
doing
social
networking.
Arvin
stepped
up
and
I
added
Arvin
to
the
HootSuite
account.
So
Arvin
now
can
post
on
the
ortillas
Twitter
and
the
artillius
LinkedIn
page.
D
I
can
edit
that
which
account
to
that
the
PIN
code
board.
So
we
have
to
write,
try
tuning
theater
stream.
Then
it
will
just
send
the
link
directly
to
our
server.
B
Okay,
I
think
most
of
the
Bots
you
can
use
when
you
go
to
like
the
bot
website,
it'll,
say
log
in
with
the
Discord
server
or
your
or
or
something
like
that
or
you're.
Like
your
Google
account
pick
the
Discord
server
I
think
that's
the
way
most
of
them
are
linked.
B
Yeah
go
ahead
and
set
up
another
Channel
for
that
new
bot
and
then
we'll
swap
them
out.
C
But
the
car
got
us
out
of
the
gate
by
publishing
his
blog
on
blockchain
I
accepted
that
pull
request.
I,
don't
know
if
it's
out
there,
yet
it
should
be.
Let's
quickly,
look.
A
C
So
out
there.
B
Yeah,
so
the
website
and
the
documentation
are
now
on
netlify.
So
as
soon
as
the
something
gets
merged,
it
will
go,
live.
A
A
E
E
B
What
we
need
to
do
is
we
need
to
add
that
to
the
website,
so.
C
What
I'll
do
is
Steve
is
I
will,
as
they
come
in
I
will
transfer
them
over
to
the
main
artillius
repo.
Will
that
work,
or
should
I
put
it
in
the
website.
C
Here
we
go
okay
talks.
We
had
some
interesting
accepted
talks.
I
got
accepted
to
speak
at
honor
tiliate
at
CD
cdcon,
so
I
was
accepted.
C
C
C
A
F
Someone
can't
make
it
because
they're
traveling,
then
you
talk
you're
like
a
super
sub.
A
A
F
C
Actually,
really
fun,
they
do
a
good
job
of
it
yeah.
So
it's
j,
frogs
annual
user
conference.
A
A
C
Okay,
so
that's
good
news:
we've
got
some
good
speaking
spots
over
the
course
of
the
next
two
in
May.
F
Thank
you
for
the
material
I'm
gonna
just
add
that
to
I'm
just
gonna
build
it
into
my
slide.
Yeah.
E
F
C
Just
put
it
under
there,
it
is
so
for
that
reason.
Sasha
asked
me
to
put
together
a
slide
deck
for
ortelius
and
I
am
just
going
to
quickly
run
through
that
slide
deck.
So
everybody
knows
it's
out
there
and
that
we
can
use
it.
F
Yeah,
it's
really
nice.
It's
really
cool.
C
A
C
On
a
slideshow,
so
it's
not
terribly
long,
and
anybody
can
use
this.
If
you're
you
know
presenting
someplace,
you
can
obviously
use
the
template,
even
though
the
template
I
don't
know
why
it's
not
working
the
way
it
should,
but
you
can
copy
you
know,
pages
to
get
the
the
backgrounds,
so
I've
been
working
on
messaging
to
try
to
really
kind
of
consolidate
what
we
do,
which
is
really
hard
and
so
far
I've
come
up
with
this
unlock
your
supply
chain,
intelligence,
trapped
across
siled
containers.
C
I
start
with
explaining
how
complex
software
security
is,
with
some
of
these
very
kind
of
big
deal
numbers
742
percent
of
malicious
attacks.
It's
the
growth
since
I
think
it
was
2021.
C
C
This
can
morph
into
a
discussion
about
observability
running
in
a
cluster
but,
as
we
all
know,
we're
doing
this
prior
to
any
actual
deployment,
so
we're
trying
to
create
this
data
as
free
deploy
as
opposed
to
post,
deploy
and
be
more
proactive,
as
opposed
to
reactive
I,
pull
this
idea
of
Trapped
software
supply
chain
intelligence
into
this
screen,
where
I
show
how
each
microservice
has
its
own
s-bomb
cve
versions
and
inventory,
as
well
as
the
UI
that
may
be
consuming
them,
and
just
talk
about
how
the
security
and
devops
data
is
trapped
across
these
siled
containers
and
pipelines,
because
a
lot
of
this
information
is
still
out
there
sitting
in
a
pipeline.
C
We
I've
been
using
this
graphic.
It
seems
to
be
helping
people
understand
what
we
do.
We
talk
about
unifying
the
view
of
an
organization
security
profile
versus
one
container
at
a
time
and
how
we
aggregate
this
critical
security
and
devops
insights
across
the
organization
bringing
in
information
like
CBE
information,
s-fom
information
deployment,
details
and
the
registries.
C
Choice,
you
know
I'm
really
pushing
this
idea
of
you.
Have
the
data
make
it
actionable
centralize
all
your
security
and
devops
and
SCA
data
for
anybody
who
doesn't
know
SCA?
Is
software
composition,
analysis
it's
the
kind
of
stuff
that
jfrog
does
all
the
scanning
use
service
to
impact
you've
you've
used
service?
That's
got
a
typo,
I'm
glad
I'm
doing
it.
You
service
impact
to
all
consuming
logical
applications.
Does.
C
Open
source
package
usage
across
the
organization
assign
release
numbers
to
logical
applications
as
Services
change,
version,
microservices
track,
microservice
version
and
usage
across
all
clusters
and
then
I
sh
I
have
some
screenshots
that
I
added
this
is
an
application.
Level,
s-bomb
and
I
did
add
the
you
know.
How
do
we
answer
the
question?
C
Who
is
using
a
log
for
Jay
I
quickly,
explain
the
pipeline,
where
all
these
tools
are
and
where
we
fit
we
fit
at
the
very
of
the
point
before
release
where
we're
registering
and
cataloging
all
this
information
I've
put
this
architecture
image
that
we've
been
working
on.
I,
don't
know.
If
you
need
to
use
this,
but
it's
out
there,
you
can
always
slide
it
down
and
then.
F
C
I
do
too
and
we,
we
could
potentially
add,
split
this
into
or
this
and
two
and
show
that
we
may
be
eventually
if
the
emporious
project
gets
kicked
off
and
we're
going
to
be
working
with
it.
We
would
have
a
second
a
rainbow
push
I
believe
I
added
the
open
source
security
tools,
landscape
oftentimes.
When
we
do
these
kinds
of
presentations,
it's
not
always
good
to
be
completely
self-serving.
So
This,
I
Gotta
fix
that
it's
got
a
weird.
C
Right
so
it
shows
up,
it
shows
up
the
phases,
you
know
the
code
and
pre-build
the
build
the
post
build
and
the
publish
and
where
artillius
fits
into
that
and.
C
F
All
open
source,
not
just
no
questions,
has
gathered
all
information
prior
to
that,
including
the
published
part
I'm.
Understanding
that
correctly,
you
are.
You
are
okay,
because
I'm
gonna,
because
I'm
listening
carefully.
What
you're
saying
now,
because
I'm
gonna,
usually
slides
tomorrow
and
I'm,
going
to
make
sure
I
use,
correct
sort
of
you
know
wordy
and
description
and
yeah.
C
F
C
F
Yeah
and
I
really
I
really
love
this
Slide
the
slide
deck
when
I
looked
at
it
because
I
feel
like
until
it's
Tillis
has
got
a
little
bit
of
a
different
I.
Don't
know
Direction
at
the
moment,
and
we've
gone
a
different
direction
in
a
good
way,
because
I
just
want
to
use
an
example.
I
was
in
an
interview
yesterday
and
I
was
speaking
to
some
guys
in
in
Denmark
they're,
a
devops
company
and
I,
asked
them
and
I
said
how
do
you
extract
the
information
that
is
locked
inside
your
repos?
F
You
know
your
versioning
and
all
that.
How
do
you
present
that
to
business
people?
Because
there
were
two
people
in
the
interview
which
is
awesome?
One
was
a
tick
like
devops
guy,
another
was
a
business
person
and,
and
they
were
like-
that's
a
really
good
question.
We
actually
they
didn't
know
they
did
that
they
didn't
actually
have
an
answer
and
they
were
so
I
feel
like
well.
Tilious
is
perfectly
fitting
in
that
space
to
help
listeners
understand
the
technology
better,
because
it's
presenting
this
information
that
is
locked,
maybe
known
to
the
engineers.
C
Totally
and
that's
what
that's
basically,
what
we
are
you
know
initially,
we
talked
a
lot
about
tracking
the
deployment
and
tracking
the
drift
of
the
version
drift
of
microservices
across
all
these
these
clusters,
but
we
have
since
added
to
the
once
we
have
that
versioning
engine
we
could
then
expand
upon
it
and
I
think
expanding
upon
it
and
including
all
this
other
kinds
of
data
sets
itself
to
be
a
central
point
of
data.
Gathering.
C
Kodak
is
their
developer,
AI
developer
assistant
tool
right,
okay
and
you
can
sit
there
and
you
can
use
language
english-like
language
and
it
will
generate
code
for
you.
What
it
does
is
it
goes
out
and
it
searches
all
of
the
open
source,
GitHub
repos
for
code.
C
C
When
we
think
about
an
organization's
profile
for
security,
we
don't
have
any
way
to
do
that
kind
of
AI,
because
there's
no
local
place
for
that
data.
If,
if
artillius
grew
up,
it
would
grow
up
to
be
a
giant
Hub
of
deployed
data
that
we
could
actually
take
advantage
of
and
do
some
more
intelligent
actions.
So,
for
example,
you
could
use
the
deploy
the
ortilious
data
to
go
out
and
say:
I
need
I
want
a
Helm
chart
that
will
deploy.
C
You
know
these
these
applications
and
it
would
generate
one
for
you
and
put
together
a
workflow
for
you.
Kind
of
like
backstage
is
doing
except
it
would
do
it.
It
would
just
generate
it
automatically
or
it
would
place
it
into
a
CD
events
pipeline
workflow,
where
it
said.
Okay,
your
pipeline
includes
data
Gathering,
and
this
is
where
it
goes.
So,
there's
a
there's
some
interesting
things
we
could
do
if
the
data
gets
out
there,
but
that
is
down
the
road.
But
ultimately,
yes,
Sasha.
That's
where
we're
headed
yeah.
F
C
I
will
get
it
yeah,
they
will
get
it.
When
somebody
says,
can
you
give
me
an
application,
s-bomb
and
they're
doing
a
and
instead
of
microservices
environment,
and
they
want
to
see
an
application
Level
data.
C
They
want
to
see
the
application
cves,
not
one
one
single
Helm
chart
a
container
now
if
they
put
it
in
artifact
Hub,
and
then
you
put
everything
in
it
together
that
artifact
Hub
is
sort
of
in
in
some
way
competes
with
us
just
for
that
small
piece.
But
that's
why
the
relationship
with
emporius
becomes
interesting,
because
then
we
we
have
a
a
repo
that
we're
actually
interfacing
with
yeah.
C
And
then
we
end
here,
so
it's
out
there
I'll
make
that
little
correction
on
the
screen.
It
has
this.
It's
probably
in
my
white
paper
that
I
wrote,
which
is
terrible
but
I'll
have
to
check
it
out,
and
so
it
should
have
everything
and
if
you're
working
with
this-
and
you
want
to
add
your
own
info,
you
certainly
can.
C
You
can
copy
the
Google
sheet,
add
and
subtract
whatever
you
want,
and
I
am
going
to
right
now,
while
I
think
about
it.
I
will
share
this
I'm
going
to
share
this.
C
Right
I'll
make
sure
it's
in
the
a
folder,
but
I
want
to
restrict
this
one.
So
nobody
changes
it
accidentally.
E
E
A
C
All
right
and
I'll
move
it
over
into
the
correct
directory,
so
everybody
can
find
it.
Hey,
Sim
I
just
went
through
our
our
slide
deck.
Sorry,
you
missed
it,
but
it
is.
C
So
Sasha's
doing
a
meet-up,
so
anytime
anybody
may
be
doing
a
get.
Invite
gets
invited
to
do
a
presentation
on
artelius
the
slide
deck
is
for
the
purpose
of
you
can
use
it
as
it
is,
or
you
can
use
pieces
and
parts
of
it.
G
C
Correct
so
you
can,
you
can
take
some
of
these
slides
so
that
you
can
somewhere
to
start
or
the
deck
the
deck
as
it
is,
is
pretty
complete.
It
has
a
pretty
complete
story,
but
if
you're
doing
something
else
around
security-
and
you
want
to
bring
in
artillius
at
the
end-
or
you
want
to
steal
some
of
these
slides
that
I've
added
for
showing
how
complex
the
security
puzzle
is,
you
can
use
them.
So
it's
just
a
tool.
G
A
G
C
I
did
I
signed
up
and
wanted
to
see
what
was
happening
with
that.
Do
you
know
what
those
workshops
are.
G
G
Absolutely
that
is
part
of
the
strategy,
like
I,
think
you
are
also
joining
the
goal
me
also
joining
the
goal
next
time
with
the
CDF.
So
if
those
presentations
are
ready,
then
we'll
start
discussing
this
idea
that
we
want
to
host
a
otilious
workshop
in
there.
Yes,.
G
G
Because
this
is
part
of
the
planning
they
haven't
available
on
the
website,
they
discuss
it
with
the
ambassadors
and
then
the
definitely
provide
a
feedback
so
actually
they're.
Looking
for
the
title
and
the
abstraction
or
kind
of
what
sort
of
Workshop
they
should
be
organizing,
that
is
okay.
This
call
happening
next
Wednesday.
C
G
G
B
C
Get
involved
next
Wednesday
to
make
sure
that
we're
we're
being
included
in
it.
That
was
one
when
I
saw
it
come
through.
I
was
like
I
wonder
what
they're
doing
I
better
I
better
know
about
this
I
also
need.
We
also
need
to
be
added
to
should
also
get
a
spot
on
the
CDF.
What
do
they
call
it?
Pipeline,
with
with
tech,
strong.
C
A
Sorry
regarding
being
Tech
strong
pipeline
panel,
okay,
it's.
C
Let's
see
if
we
can
get
ourselves
in
there:
okay,
I'm
Gonna,
Leave,
Steve,
with
architecture,
just
a
review
of
what
we've
done
with
in
the
art
on
the
architecture
team.
B
Yeah,
so
I
am
working
on
the
adding
the
missing
pieces
that
Tony
pointed
out
for
the
architecture
diagram,
so
that
is
coming
along
and
also
on
the
devops
side.
I
think
we
have
most
of
our
cves
cleaned
up.
B
B
Yeah,
something
in
Alpine,
fell
over
overnight,
so
a
bunch
of
crypto
stuff
popped
up
a
cve.
So
a
lot
of
this
is
just
a
rebuild
that
we
just
go
ahead
and
when
we
rebuild
the
images
that
they
automatically
fix
themselves,
basically
so.
B
I've
thought
about
that
doing
thing.
Is
we
just
end
up
with
lots
of
Helm
charts,
because
every
time
you
you
rebuild,
you
end
up
with
a
new
version
and.
B
Even
though
it's
not
used
so
I
think
once
we
get
the
a
way
to
identify
and
act
upon
the
cves
as
they're
coming
in
that
we
can
do
some
automation
around
it.
C
B
A
B
Think
we'll
need
a
like
a
like.
You
said
a
separate
process
to
look
at
the
artillius
database,
saying:
oh,
we
have
a
cve
now
was
there
a
fix
for
it
and
let's
go
ahead
and
schedule
it
and
automatically
schedule
it
so
that
I'll
have
to
open
an
issue
on
that
front?
B
A
B
She
is,
she
was
looking
for
something
to
do,
and
one
of
the
things
that
we
need
to
do
is
add
super
linter
to
the
repositories
to
lint
our
code
base
over
the
weekend.
I
figured
out
what
needs
to
be
done
and
added
that
to
the
issue.
So
please
keep
an
eye
on
Discord
see
if
she
needs
any
help
on
that
front
to
work
with
that.
It
was
interesting.
B
We
actually
the
linters,
actually
found
some
coding
mistakes
in
our
python
code
that
need
to
be
corrected
and
also
some
best
practices
in
our
Docker
images
like
it
was
simple
stuff
like
in
the
docker
image,
what
you
can
do
a
run
a
run
command
and
say
CD
to
like
slash
app
and
the
linter
actually
caught
that
and
said
you
should
use
working
der
slash
App
instead
of
a
CD
and
a
run
command.
B
I,
don't
know
why
I
think
it
is
just
the
best
practice
used
working
der
when
you
run
commands,
because
the
working
dur
you
know
based.
B
So
that's
one
of
the
things
that
I
noticed
on
that
front.
I'd
have
to
look
at
the
the
technical
reason
why
it's
a
best
practice,
but
that's
one
of
the
things
I
did
notice.
I.
B
So
I
added
to
the
issue:
I
added
pre-commit
configuration
files
as
well,
so
there's
some
configuration
we
had
to
do
around
the
python
black
program
and
flake
eight.
Those.
C
B
So
I
did
change
the
the
default
line
length
from
88
characters
to
200
88.
This
is
two
makes
your
programs
that's
too
narrow
and
long.
So
everybody
can
turn
on
word,
wrap,
yeah,.
B
Yeah,
so
that
was
one
of
the
the
configuration
things.
So
that's
what
we
have
going
on
there.
C
Would
you
share
your
screen?
Would
you
bring
up
the
or
the
deploy
Hub
team
where
you
have
installed
artillius
and
I've
added
I've
added,
like
six
of
you,
everybody
who
attends
the
architecture,
calls
on
a
regular
basis,
got
added
to
it
and
just
walked
through
what
how
you
have
it
set
up.
B
Yeah,
let
me
so.
C
I
have
added
Sasha
got
added,
Arvin
got
added,
Brad
McCoy
got
added
food
crush,
got
added,
I
did
I,
think
I
said
arvind,
so
you
all
were
added
and
I
sent
you
an
email
that
said:
here's
your
pet,
your
air
user,
ID
and
password.
If
you
want
to
get
involved
in
working
on
this
and
testing
at
this
level,
please
just
shoot
me
an
email
or
Steve
or
put
it
in
Discord.
To
say.
Please
add
me
to
the
artillius
the
in
deploy
Hub
team
I.
C
Think
that
would
be
the
fastest
way
to
to
to
do
that.
For
now
and.
B
C
F
B
We've
been
collecting
the
data
for
a
while
now,
so
these
are
all
the
builds
that
have
been
happening.
I
may
go
through
and
clean
up
some
of
this.
Just
because
there's
like
the
website,
we
used
to
have
a
container
and
tracked
the
website
in
documentation.
There's
these
these
the
sample
applications
I,
think
I
may
go
through
and
give
us
a
clean
starting
point.
F
It's
cool
to
show
on
like
a
a
an
event
right
like
like
tomorrow.
This
is
what
it
would
look
like
if
you
were
building
a
microservice
inside
otiles
right,
yeah,.
B
So
this
is
like
one
of
the
main
branch
of
the
component
item
microservice.
If
we,
let
me
just
restart
it,
I'll
pick
oops
take
17,
for
example,.
B
We're
Gathering
all
the
information
about
the
who
built
it,
where
all
that
fun
stuff
there's
some
stuff
that
we
just
need
to
add
to
the
toml
file
to
pick
up
like
the
chart,
repo,
those
are
like
little
things
and
then
our
readme,
this
one
doesn't
have
a
Swagger.
It
actually
does
have
Swagger,
but
it's
kind
of
buried
inside
of
the
microservice
itself.
B
B
Yeah
yeah
exactly
so.
If
we
look
at
the
workflow
runs
we're
looking
at
comp
item
this
one.
B
If
you
look
at
the
actions
here
so
this
is
the
one
that
was
a
couple
days
ago.
B
So
we
do
our
checkout.
We
set
up
some
environment
variables,
we
log
into
Quay.
We
actually
do
the
build
of
the
image,
so
this
is
actually
building
the
docker
image
of
the
Python
code
and
then
from
there
Arvin
added
a
vulnerability
scan
to
the
image
and
uploading
those
results
over
to
the
security
tab.
I'll
show
that
in
a
second
and
then
we
go
through
and
update,
do
a
home
command
update
our
home
charts.
So
because
this
is
a
microservice,
it's
the
the
child
charts
that
are
getting
updated.
B
We
commit
those
back
to
the
repository,
so
they're
picked
up
by
the
GitHub
Pages.
We
generate
the
s-bomb
using
a
Snick
and
then
we
go
ahead
and
upload
the
components.
So
this
is
actually
artillius
running
inside
of
this
workflow.
So
we
have
the
s-bomb
I.
Just
don't
know
why
I
have
to
look
to
see
why
it's
not
getting
what's
happening
to
us.
There's
an
error
on
the
s-bomb
part,
but
there's
a
s-bomb
that
we
get.
A
E
E
B
They're
of
artillius
yeah
and
they're
they're
shared,
so
these
microservices
are
actually
used
by
deploy
Hub
and
ortillas
at
the
same
time.
So
this
this
microservice
here
is
used
utilized
by
both.
B
That's
one
of
the
things
that
we
have
to
do
is
reorganize
the
domain
structure.
So
right
now
we
have
the
domain.
Let
me
make
this
a
little
bit
bigger
for
you.
So
the
domain
is
artillius
SAS.
B
C
Think
we're
looking
at
components,
I'm
suggesting
you
go
over
to
domains
and
show
how
the
domains
are
set
up.
E
B
B
So
it's
something
with
Zoom
today,
there's
a
lag,
so
we
have
our
our
Global
artelius
domain
and
then
we
have
our
SAS
and
then
in
SAS,
that's
the
lowest
level.
So
what
I'm
saying
is
under
Global?
We
need
to
build
out
the
open
source
projects
and
have
those
those
be
domains
as
well.
So
under
Global
we
should
have
a
Linux
foundation
and
then
we
may
want
to
have
Linux
foundation
and
underneath
Linux,
Foundation,
CDF
versus
and
another
one
for
like
cncf.
B
Yeah
and
then
the
other
ones
would
be
like
Global
Apache
Foundation
would
be
another
another
domain
that
we'd
want
to
think
about.
That
would
be
at
the
highest
level
as
well
would
be
like
Apache.
Maybe
the
eclipse
Foundation
would
be
another
one
and
the
reason
being
is
we
will
bring
in
actual
dependencies
from
those
organizations
as
well,
not
as
much
on
the
Apache
side,
because
Apache
doesn't
really
have
Docker
images
that
we
are
consuming,
but
we
are
consuming
like
the
eclipse.
B
Foundation
is
providing
us
a
base
image
for
the
jdk,
an
eclipse
jdk
runtime
that
we
use
as
a
Docker
image.
Other
ones
are
like
chain
guard,
one
of
their
some
of
their
images
and
Wolfie.
So
there's
some
other
domains
that
we
need
to
think
about
how
we
need
to
organize
them
and
kind
of
lay
them
out.
We.
C
B
And
we
can
move
things
around
down
the
road.
Doesn't
it's
not
a
big
deal
to
do.
C
So,
if
you're
interested
in
starting
to
become
a
user
to
help
us
as
soon
as
we
get
you
know
some
of
these
bugs
sorted
out
and
I'm
also
going
to
suggest
that
maybe-
and
we
should
put
this
we're
way
over
time,
but
I
I
should
probably
work
on
a
logo
that
says
ortilius
over
here:
oops
artillius
on
the
left
side
and
then
I
would
we
would
put
powered
by
deploy
him
team
on
the
right.
So
people
know
it's
it's
who's
hosting
it.
B
Yeah
so
and
I
think
when
we,
when
we
get
the
new
UI
sorted
out,
it'll,
be
looks
like
I'm
kind
of
leaning
toward
the
riot
JS
as
the
framework.
The
main
reason
is,
it
is
component
based
based
on
web
components
and
it'll.
Allow
you
to
create
a
web
component
in
any
language
and
bring
it
into
your
site.
So
if
you
want
to
write
that
web
component
in
python
or
node
or
rust,
you
can
do
that
and
bring
it
in.
B
Have
not
gotten
anything
from
the
design
perspective
from
nicta
out
of
Ukraine,
so
we'll
have
to
see
what
the
I'll
loop
back
around
with
him
to
see
what
what
he's
up
to
and
we
may
just
need
to
move
on
if
he
doesn't
have
anything.
F
Steve,
when
you
say
testing
of
hotels,
how
do
we
go
about
doing
that
or
what
do
you?
What
do
you?
How
do
you
define
that?
What
does
it
mean
to
be
testing
or
to
this?
Because
we've
got
a
login
now
now
we're
just
looking
at
the
making.
B
Sure
that
the
the
data
is
there,
that
we
expect-
and
let's
say
we
deploy
over
to
our
Azure
cluster,
a
version
of
artillius.
B
B
As
we
move
from
a
commit
on
a
microservice.
For
example,
that's
going
to
trigger
a
a
build,
a
new
child,
subchart
update,
and
then
it
comes
back
around
as
a
parent
update
and
then
from
there.
We
need
to
make
sure
that
that
version
is
when
we
deploy.
It
is
recorded
accurately
in
the
database
and
all
the
s-bomb
data
and
stuff
like
that.
D
B
One
of
the
things
I've
been
kind
of
working
on
is
a
kind
of
like
a
checklist
of
what
you
should
have
in
your
whole
supply
chain
and
some
instructions
on
how
to
set
it
up
and
how
to
verify
so
things
like
does
the
repository
have
a
license
file?
B
Open
source
projects
have
those
pretty
regularly,
but
if
you
go
into
a
project
like
what
you're
working
with
Sasha,
they
probably
don't
have
a
license
file.
They
probably
don't
have
a
readme.
F
Some
of
them
don't
have
anything,
and
if
it
is
really
it's
horrible
yeah
and
then
this
has
been
updated
in
centuries.
Yeah.
B
B
All
those
fun
things
is
git
commit
signing
turned
on
is
a
git
signature,
which
is
different
than
git
signing,
enabled
all
those
fun
things
repository
scans
dependency,
Bots
image
scanning
all
those
things,
there's
probably
there's
a
bunch
that
I
know
I'm
I'm
missing
on
this
add
to
the
checklist,
but
this
is
kind
of
the
stuff
I'm
I'm
thinking
that
we
should
be
making
sure
we
have
all
this
information
gathered
inside
of
ortelius.
B
Now
the
current
version
may
not
support
all
of
this
information
like
assetation
and
verifying
that
stuff.
That
will
probably
come
in
a
new
version,
but
we
just
need
to
make
sure
so
if
anybody
has
anything
for
a
checklist,
just
post
it
on
Discord
and
I'll,
add
it
to
the
list.
F
F
B
This
is
some
of
the
things
the
basic
things
like
we
don't
have
it
turned
on
yet
and
artillius
is
the
requirement
for
commit
signing
and
signatures
those
two
things
we
need
to
turn
on
for
our
repos
Brad
turned
on
2fa
a
couple
weeks
ago,
but
those
type
of
things
are
are
what
we
need
to.
B
You
know
try
to
try
to
come
up
with
what
is
like,
not
necessarily
A
best
practice.
But
what
is
your
compliance
for
lack
of
a
better
word
on
making
sure
you
have
all
all
the
pieces
in
place
because.
B
B
If
we
go
back
over
today,
some
of
the
repos,
like
the
one
that
we
had
we'll
take
a
look
at
this
one
I
think
it
has
a
polar
across
out
there.
It's
like
this
one,
this
microservice,
we
have
two
pull
requests
where
we
have
to
actually
bump
versions
of
the
the
version
of
SQL,
Alchemy
and
pedantic.
B
B
Some
of
them
you
have
to
make
sure
you
have
to
go
and
test
other
ones.
You
can
kind
of
assume
that
they're
going
to
work
like
we
went
from
one
one,
four,
seven
to
204
and
that
required
a
coding
change.
B
That
was
a
breaking
change
for
us
yeah
exactly
but
there's
because
we
in
when
we
go
forward
with
the
new
architecture,
I
think
we
have
like
16
or
20
microservices.
That
will
need
to
keep
an
eye
on
on
all
this
automation.
That's
happening
that
we
have
to
kind
of
go
in
and
say
yes,
I,
agree
with
that.
F
Does
that
get
automatically
emailed
out
or
how
does
that?
How
do
you
get
alerted
to
that?
Does
it
come
into
a
Discord,
Channel
or
some
sort
of
message.
B
Right
now
it's
coming
via
your
GitHub
notifications,
but
we
could.
We
could
probably
have
Arvin
figure
out
how
to
connect
up
Discord
and
GitHub
for
dependent
pod
alerts.
D
B
F
Yeah,
you
can
probably
find
a
really
amazing
in
the
apps.
B
Yep,
the
more
stuff
done
for
us,
and
that's
part
of
that
that
long
list
is
we
want
to
be
able
to.
You
know
make
sure
that
we
tell
people
how
to
do
it,
and
then
we
have
to
have
the
automation
side
to
verify
that
they
actually
did
it.
Yeah.
B
Think
so
there
will
be
things
that
we'll
need
to
figure
out
like
whether
two-factor
authentications
enabled
for
the
repository
that
gets
into
some
of
the
GitHub
command
line.
I
think
to
be
able
to
look
at
some
in
some
of
the
restful
apis
I'm.
F
F
D
B
Yes,
definitely
I
will
move
that
that
checklist
into
the
artillius
directory
and
I'll.
Let
everybody
know
where
it's
at
on
Discord
yeah.
D
B
F
F
B
F
C
E
C
And
everybody
I
am
going
to
be
sending
off
a
a
vote
for
our
favorite
studio,
ortillas
contributor.
So
please
make
sure
you
vote
and
then
there
will
be
a
vote
for
Ambassador
asym
has
been
nominated
and
we
nominated
Steve
for
the
top
CDF
contributor.
So
if
you
get,
if
you
see
those
votes
come
through,
please
take
care
of
it
right
away.