Description
https://www.meetup.com/github/events/280673427/
A
B
B
A
B
B
Remember it, but here so in this slide, we're going to need you to point your cell phone camera at this is QR code to choose the language in which you want to hear this presentation. Ok, it's us. There is simultaneous translation in English and Spanish, but Pedro and I are going to present everything in Portuguese. Ok.
A
That's it, the slides will always be in English Oh me and we will have original audio in Portuguese. In case you don't understand anything the what we're talking about. Obviously, it's no use for me to explain either, but you go to the right channel and there will be great Rotary achievements there for you to follow what we're going to say. Content will be in English for ease of access for everyone.
A
I know: Hello, I'm Pedro, I'm a Solutions engineer here at Milk Quick. So it's just the engineering part that talks, let's go from here, taken out of the entrance of the product to the outside. We are always dealing with the clients, es that even your book with the customers who work here in Brazil and talks about you, a.
B
Little Hello people, my name is Guilherme Santos right, I'm a commercial representative responsible for the Brazilian territory. I live here in São Paulo, I'm working here, Tiago already has some 12 years old, 42 years old and Peu and Pedro are on the same team in the I. He just said: there, practically.
A
And let's go It's good, I think, before we start here, it's important to talk about what is otitis and the size of it, right, personally, people are used to looking at Beach rugby, like this company. That has a lot of open projects and a lot of series like that, the gigantic community. That is true. We have 65 million developers right like shampoo, but it is important for us to see that we have solutions that range from the public Open partner. That has a free platform.
A
A
lot for all communities used from beginning to end of the software development cycle is not na, and that's why we have dozens of the main projects. The Beach accident thought about this year, but we are also a platform that offers solutions for all type of company for all types of teams, all types of Startups too.
A
Platform. thousands of major open-source projects, so if you use any library in your software development on Teca, it's within the switch, somehow we manage for year, two. Two, Billion, Contributions and Trace is a lot of contribution and it's a lot that we have to manage. Like another platform. And then I challenge ours to scale this to everyone and, at the same time deliver a solution that is useful and that makes the life of the developer.
B
A
Than 3 million organizations and seventy-two percent of companies Sport with 500, are our customers, which means that of the 50 largest companies listed on the stock exchange. Seventy-Two percent of them are our customers, which says that we are also in the world enterprise right. So we have there for a long time that companies use that love you to be able to bring all this culture, this system that they have from the outside to the inside. Here too, so we work with and digitally. Sometimes we work with companies that sent has many years of life.
A
There has a legacy and, let's say almost analogues are going through there. They went through this journey of digital transformation. We are with With the main open source projects, and we are also with this ecosystem of Devotees Sorry, guys from the production I'm going to speak slowly so as not to compromise anyone.
A
Important is that we have recently launched the part of discussions with Machine with automatic translation into several languages. So if you want to participate in a discussion within what you love and no is no fluent in English, she is like most f. The discussions happens within YouTube. If your browser is configured with Portuguese, Korean Spanish or for as the main language, this will appear, and it is for you to put an automated translation inside. It works super well, I tested it for some. Some discussions is already super cool.
A
If you have feedback so that we can also take a look inside. So whenever you access the repository and have a discussion that you want to participate in, but you don't understand, 100% everything that is happening. Use automated translation in there, there will be a lot of cool things. It's good I'm going to focus here now on the safety part, right then. When are we going to talk about the safety part?
A
It's always good for us to think of Several Several steps that lead to even a safe soft development, and it really we are concerned with delivering solutions that go from the beginning to the end of this supply chain of the supply chain. It is in your eyes so important to people think from the inside out so, for example, when you're writing your own code, right then, when I'm writing in the code itself. How can I guarantee that I'm not putting a new negability inside that application?
B
A
Safe but at the same time, when I'm bringing the application, bringing libraries and bringing solutions from the outside to the inside, how do I also guarantee that these libraries, the dependencies that my softer will have so that's? Why we talk about where E then my application? How can it not be putting it at risk, because this code is not me? It is not my team that develops it, right, I I'm bringing it from third parties So, as if it were third parties contributing directly to my code base.
A
How can I guarantee that this will be Safe, it's important to ensure that you are not putting vulnerabilities through the libraries inside and also, along with that, ensure that your a Software development cycle, it's safe, right So? How do I talk to this lifecycle and assure you that I'm not going to validate security at a specific point, but that I'm going to put it separately spread throughout the development lifecycle? So this helps us to identify, for example. That security is not something that is done at the end of the process.
A
Security is not something that is done by a single person. It is a responsibility to share security, is spread throughout the life cycle of development too. So we have to see safe development in these pectus and we are going to show today a little bit of how I this works is part one. We are going to do this presentation in two big parts today I will talk a little about how to work with code scanner and how to configure it inside your repository.
A
There will be a zoom to be able to do Network and get to know each other a little, so we will open a guy stay at it's the end that we're going to open a separate channel. So we can talk beauty, it's good to start talking a little bit about safety, we're good for us to understand why, right. If there are complex problems, we always have to answer problems, complexes understanding. Why? So? Why do we talk about safe development of suffers because we talk about devops of must be.
B
A
So this is part of the culture, so culture is not sincerely involves a tool. It does not involve methodology, it involves people the way it does. They think the way it behaves, but at the same time the culture is also activated and increased by tools by tools that are used from within. There is a conjunction of this in the end, right and- and it is important that there is this culture of must o I did this culture of seven glasses within this application Because.
A
It is important that people know how to deal and work with a collaborative environment, so they know that al. I is not how we started when it came up. It must be here Opus and Box, right there was that demand for and the functions were separated So I had here and development. The operations team, the development team is responsible for producing many features. The operations team is responsible for keeping the system up and running and stable.
A
So when I have a team and teams that have different goals, where one that is to deliver more things and the constant delivery generate stability to another team responsible for maintaining stability and therefore they will prevent that new things, arrive, right then, they end up generating conflicting objectives. Where I had a development team that developed the functionality threw this one over the wall.
A
Another operations team to see this was not there in the statement that failed and came back here, put the blame in the movement team and what development to recover here from operations and this exchange of far Then. He saw that in an environment that was not collaborative, it didn't make sense, and the people who were separate and who worked styles were bad and devops was created. And.
A
Then we have that this started to happen also safely, where I had a team from devoxx that worked deliverable maintained soft applications, but at the same time security came to an end and security was not shared So. You had a problem. For example, an application that was delivered in production but broke is an operations. Problem. Prayers posed the problem involvement Cite, an application that had some security flash a security flaw. The blame is to hold for security analysts who didn't see it at the time. I was doing the code review.
A
The security analysis put this blame on the developers. The residents said that the team infrastructure didn't have the necessary security forever and that's why we talk here about the ambi Collaborative entity, where there are no Silos of work. It is fundamental For the development of the line to occur, it must be cups, and for that there is this shared responsibility where I will not blame a specific tip, but everyone works together.
A
Everyone shares the the same tools, the work environment, so that you can build collaborative solutions within it and at that moment where we will think about where the processes, the tools will improve over time and this continuous improvement mechanism. What this team develops, this improvement mechanism continuous, where I will deliver more functionality more frequently with more quality. It is also necessary to do it via automation. So there is no security. There is no quality of delivery.
A
If we do not have automation you, we cannot give the machine the power to perform repetitive tasks and let it be human book that is creative. That is extra to do what to do. On top of this work Hi, and then, when we think about security and the software development life cycle, we have to think that security does not come at the end. It is involved in all the steps in there for security. It has to be thought of. When I make the Exception of a project. The security has to be thought of How I.
A
Do the configuration of a project has to be thought of when I make the description of a functionality right then the specification of a requirement? The security has to be inherent here when a developer is going to write code when he is here to do the review, he is going to do a security analysis in the environment that I'm going to do after that, inside monitor to ensure that my application is not suffering attacks.
A
So it's been going since when there is no code being developed until the code is already introduced to security when it has to be fixed- and it has to be inherent in that work- that is, there is somehow good. So when we talk about the web window, we always think of a tool that was built with the focus on the developer right. So the Ruby kit has the vision of being the developer's home and in the future, I will be making it present, right. We want every solver When.
A
He arrives at his work when he starts contributing to it, I'm folks. The first thing he does is Open Notice that the world's code is in here somehow. So when we think about solutions when we think about delivering, we think about doing it always focused on the developer So. How do we manage to deliver security solutions that are easy and that empower developers to make corrections or make a simplified analysis there? It has to be done in a narrative way, so I have to navigate between different platforms, right.
A
I have to be able to deliver a solution. First line. What is encapsulated within that tool that everyone is used to within that hit Run environment, that everyone is used to seeing That's, why we say it has to be automated I'm going to put it a few clicks away, one by one, a solution, a super, complex security feature that needs very little configuration to be able to start using it from scratch and all without the need to provision a very heavy infrastructure and make a series of heavy configurations.
B
A
So when we think of delivering a solution to the our users are focused on the developer, it is native. It is connected to that tool and it is also automated. It requires very little configuration when we think about the applications we have. It is always important for us to think about and the problems that come from the inside out. So look I'm writing code. How can I guarantee that this code, I'm writing safe for the month?
A
It takes time to ensure that nothing from the outside is coming in, and when we talk about the vulnerabilities there, the dependencies that we use? Sometimes it's not the specific dependency that I'm using. That has skill movement, but it's a dependency on that dependency. So I'm putting it I have to understand that I have to go down deep in this dependency tree in this dependency, graph, right?
A
That arrives and puts a vulnerability in my application and, at the same time, I have to ensure that by mistake by an error of some individual, none Tolkien None of my passwords is leaking either. So, as I said at the beginning, we have to guarantee security from within out and outside in and ensure my know. The Authentication Keys are protected too, so almost, which are the security capabilities right within what has the first is the cores. Who is the object? Syntactic analysis part.
A
We will be able to guarantee that the code you are developing is safe. It is not putting any vulnerability in your application when it arrives in production and it will be protected from external attacks. The second point, and that make up what they want, is the Cold Call that the inini that works and performs on top of it, then under the color that changed me.
A
A
Well, so that's it today. The cycle of want I'll. Go there more details. We'll activate it in the repository here together. You want. It will look for tokens that were radio that was so radical of his right Always with the rivers entry Here. They were encoded within his files, so for public repositories.
A
Since it was inserted into that one standard, we communicate with the provider so, for example, it's a token from WS it's a little bit of Ézio in you Ah. It's serious this tone that you recognize him as Vale he's active in there, then agile returns saying that it's a little bit active and then we mark it for the user So. This reduces the amount of false positives a lot today. This one here, just some of the external tools that we integrate have much more besides them too.
A
A
Once the active This is Advanced Security I'm going to the option to use all the features that it gives me in there. One of them is the code scanner that we'll talk about later, but the one we're testing now is the circuit that I have so simple I'll come here and activate the functionality. It already starts working inside my repository. If I come here in the security part now Hi and ask to look at the simple tab. Who is he going to talk to look I'm running here?
B
A
I don't find it nothing! We will mark here for you that you don't have any if it is deactivated and how it works from now He looks back then he time all the history of my rhythm and he also looks- will start r to look forward to each new invitation I give it will validate if there is any touch in which it takes. What happens right if you happen to have one there? Imagine that you not all the stumps you have by chance.
A
I I want now to make sure that my my my my Tolkien type is identified by the BTL, so I can put here some examples of one of a regex. Let me enlarge it here, for you a little bit, I think it might be getting small right, Beauty, so I can put one specific one. Tap pattern use a regex here. I can say what he has before what he has to have after I can put some requirements on some.
A
What he has to have avg I can't find the Example then, right If she imagines inside you. She doesn't want any number of who is from Brazil, no CPF number, that is ours, Our Social, Security, here, right social Security Number for good. Then we don't want any CPF and stay inside the code. So I can come here and say that this one is our pattern.
A
So it's three digits a dot, 3 digits, a dot, 1-2 fair, so I don't want any CPF to be leaked into the account I can attest to my stranger here to see if it is correct and out of beauty, I was able to identify that these validations, so I will guarantee that now in the CPF call for those who are not used to CPF. So we can adhere to any standard here. It is very much from Brazil that is, and I can validate, for example.
A
So any time someone mistakenly as a CPF is either as a login or because they saved user data inside a file. I am already inside it made a dhampir a database and saved it inside the it web and be able to find it in here too so I'm going back here now in my safety, water in the part of the cycles want and I can see that it found four tokens here inside this application. So are the axia this kit here SESC that are from the WS So. These these touches are in fact valid.
A
So if I go to the WS I'll find these stocks I'll go and I'll be able to have some kind of access with them. I didn't even try to access them because we've already reduced it, we've already taken what you have this one. You can do. Ok, so no matter how much it is recorded. You can't do anything with these. He can only use it who doesn't know that there are always funny people there. That's why.
A
Is good is the count scanning it works. It is a semantic analyzer, it does static code analysis, but it works from a semantic analysis right. It is interesting that there is a Native experience inside hit Ruby, so there is no plugin there in and it has to be installed. No external tool that has to be configured. It will work so much analyzing the skills that already exist in your application. So it is as if it were general there, a liability of vulnerabilities that happen to exist But.
A
It will also work to prevent that new vulnerabilities Xerém production, so it will work within the curry Quest looking for some vulnerability there, that I may be contributing to what I may be. Writing within that suffers right And. Besides that it is possible to customize kueres, write your own colors or use and package those that exist and exist in the community.
A
So there are a number of researchers from the com unit that whenever they find a new vulnerability in the community through our balut program, they will report and that and they will write a clear one too, but they will work. They are, they are researchers of companies that will be inside the companies themselves. Writing other forms So. We have a client like Microsoft itself that uses Cold for their entire codebase. They have a team that writes Caires.
A
So what's interesting for us to look here if, together with Cold Cruel, that the itg I wanted to put, for example, a container analysis as occurs I have a flower ready to do that too. If I wanted to do it via Live, also container analysis, No problem, if I want to put some analysis from another tool, for example cenbrap or the analyzer of Snake's container or let's go there, the tactical analysis of Papel was Cold to run along with his I love. You has the option because the strength of hip Ruby is the community right.
A
So it doesn't do anything but say here to all Oops, just a little bit to every commit, in my main building, all the curry Quest that I opened or every 20 at 21 and 22, every Saturday I'm going to run this analysis I'm going to run an Ubuntu machine. He has already seen that the repository he JavaScript and Python. He will run analysis for these two and he will check out the code mount the database with my code base, which is where it will run.
A
If there is any some language that is compiled, it will try to give the video automatically, which is not the case here, because if one the results- and here it is, it will run the analysis and where it will upload this one of the results into the area. I'm not going to touch anything on this one flower, because it's already ready to run It's super simple. It comes with a series of comments just to help. We understand that every step is running.
A
A
Er analysis of this repository, so in parallel, it will give an analysis for father has needed to skate a father, so it will run super fast, because the little father thing also has in this repository, but at the same time, JavaScript will take about two minutes here, because it is a bulk of the repository as an application is also not very big. It runs relatively fast in this case in front of you being able to look here a little bit in depth what it has been doing under the hood.
A
For those who were a little more curious, it is running oni Charles, so it is setting up the pulp. You don't yet it's setting up the database with my code, so it's basically working I broke this code in the graph right. I set up this, the paths that exist inside this code- rodeo autobild, but as I had nothing compiled, I passed them straight and now I I'm running the areas here.
A
So within the analysis we will see that it is getting What. Is the quarry and running on top of this bas and of code I'll show later how Watercolor structured I think it's cool for those who want to take a look and see how it works, then it will extract the things inside and start executing. Now we can stop and wait for this to be finished being executed. While this is not going to go ahead with our presentation, my God, what a white Hi and then, while we are going to configure the theater.
B
A
A
Is good the next step we are going to do there when we have to nothing to see that execution, we will see a list of vulnerabilities that it generated inside my main building So. What exists already existed in the application before I had my my my project being analyzed by Cold that the So, what we are going to do now bring this a step before and put this analysis as part of the code review, process.
A
So instead of analyzing the entire code base. How do I see this extra code I'm going to check if Delta is the code that I'm putting inside my project now as I guarantee that it doesn't have any vulnerability that I'm not going to add mobility from it? So this will be the process that we're going to do here now and the hold it inside. The curry question. Ok!
A
A
A
There's nothing there's nothing wrong and you can't go on with your life and for JavaScript by the way and it turned green because it managed to finish doing the analysis. But now I see that here inside my safety, water I have 52 students. Four of these alerts are from the circuits want and 48 are from the code is Who.
A
Then, let's take a look here inside the cores who I see I have some credentials hard, holsters right, so first Alert he gives me they have some oil authentication token that you put radio-code in the header of your calls. This is a babysitter a practice. We do not recommend that you use it, give it a configured right. It's showing me that the path from where it appeared to where it leaked, if necessary, and that one will give me a recommendation on how to do it as.
A
Well, and how to do this configuration without necessarily putting my password in there, using a 100 glass or something like that And? Why did it generate this analysis here separate from the circus in this channel Because? Here there is no endpoint for I will give you my analysis, buy it. So, for example, how will I know what the database is and if it is online, if he doesn't want to see, if I can log in with this PPI Whatever it is or not right, then he tells you based on structures and patterns.
A
In that case, I'll come to you I'll be here If these this here is not a touch I I can mark and as a false, positive too, but the case, we can see here, there is a little authentication and I will have other alerts, for example, as an Object Object in Jackson template, so I will be able to make a Jackson from one of an object from a template of a linked object. It will say: look at the tool that executed this Cold. That is the rule that validated this and I will have it here.
A
Inside Claro I will be able to see which one was executed and So. What is the cool part of it all in here right I can see exactly it's. Not a black box. I can see exactly which snake I'm running in there so funny to look at that. It's a part as if it were an object-oriented language like the language I declare a mixture of the two right, so I'm going to import some classes in here and at the same time, I'm going to run a room not even like what we would do.
A
It's not even a project. It's a public folder, so I can see all the clears that have here inside I can see the people who contributed to it in some way, and it's cool that, if you want, for example, to create a new which and propose this new face, inside, just open a curry, Quest Hi and the team will review and do it.
B
A
A
I can see the groups of rooms, don't have the courage to, for example, run inside swallow, specifically for node for iett Quality performance, then I'll have the security blocks, which security grouped in cws there within each cwl I see the loads that execute that make the validation history. Coaching Jackson, for example, and here I go to Click, makes it possible to identify when there is a color of igf-1.
A
So that's why the cool part of using Cold with her that, in addition to being able to contribute with new faces, you have with them, contributed contributed by security researchers, the analyst of companies that use it in some way. We will have to, for example, in this part of the details. What, will you say what is the vulnerability? Why do you recommend correcting this probability, an example of bad code of good code to make this correction and external references that will help you to do this analysis it from inside too right?
A
So I will be able to look here now after this run inside my Cold skinny tab, I can see everything that ever existed inside my Delta vulnerability of my application. So this it's the first. But. Imagine now that I'm messing with my code and I'm validating if in my resume I'm putting some vulnerability or not so, let's make a small modification. So I already brought a modification ready here inside the file serve ahah I'm going to edit this file.
A
And then And there is basically what you're doing is inserting this SQL Jackson. What Because it takes a parameter that came from the request and it adds it there inside the string of the string that it is assembling. So, if I put it Then, it does a validation of this stopping right. Then you put a and Jackson here inside this saying that he will be able to run and mess up my base. Let's go like this I'm going to create a new Branch So I'm going to pretend that I'm adding here to a search functionality.
A
Then it will do analysis for JavaScript, daddy, daddy, so also just that this one will run a little faster, because in this case it is not running static analysis of the code on top of my entire base. It is running this only on top of the difference of this Delta as one as we commented. So it will only see if this new code that I messed with has or does not have any vulnerability there.
A
So you will see that when it finishes- and it will be green for these two, that is, he managed to process both he's going to finish the father's. So first he says: Look I didn't find any vulnerability, but I'm waiting here today for JavaScript to complete, even when he eats what, when he finishes the devil script, he will show me that he found a vulnerability here. We will be able to see it inside the ricoti people.
A
So, for example, if I look at that, for example, in the altered files part, I see that he moved me only in this little block. There's not much here, He just said, look. He added here it's from line 373 to line 390 other than that. You don't change anything else. He'll also do it, he'll be able to write it down for us, saying, oh and the and the skill's mother-in-law is in this line is in this file here and it's generating this kind of problem.
A
So, as I said folks father, so it ended before he has one here. One has an analysis that is pending that the JavaScript analysis. So that's why he said it hasn't ended. Yet, let's go see how it is. Let me close these tabs a little bit here, let's see how this durability is. These details are good, so it's perfume is running the analyzes here running all the actions lizations of all the colors inside my repository. Let's wait for it to finish, while it doesn't finish executing here.
A
B
A
Of him, right, but let's suppose that I want to prevent him from doing it, so to guarantee that I will always have a tactical analysis, a code analysis, being done and that no one can put it there. No way, I can come here and add a rule to protect my Branch I'm not going to say that I'm going to protect white, I'm also going to say that he has to necessarily have a push, Quest and I'm going to argue that he has a Shrek freight status.
A
And I can see that now the doctor is ok, that is, right I have this code analysis here that is pending. It is mandatory. I can't pass without proving it and I need this pending item here, the executed, So I don't have a block of my doctor's. Let's just take another look to see what status She is in here.
A
A
A
The first is that he didn't it has a limit network, so I don't put the maximum time. It can wait for the search law, api request to return 1 and what in itself is already a vulnerability problem because it may be running some malicious code inside it and I have, on the other hand, SQL Jackson that we ended up showing Before also inside here. If I come here in the part of showing the paths, right, it will show me the Where.
A
A
More details too, and it ends up forwarding to where it will have more information about the sequence in tone by what is the problem, because it is recommended to solve this type of problem in code code, examples that can use not so bad code and good code. So it will assemble here as if it were a prefer Statement to be able to do this by passing variables, instead of doing interpolation and distrix and external references that also point to this type of problem, and then we can directly block the problem before it arrives in production.
A
So when we say that a tool designed for the developer is because of that, like in the workflow that the developer is already used to working, how do we make sure he has the tools he needs to solve a problem and I won't go, no? He has to go, get some external refrigeration. What does he have to look for a reference And if he doesn't have it experience with SQL Jackson, as we already give him the documentation examples of code that he can use to solve?
A
A
Hi beauty and to be able to close I think it's important that we take a look to understand what it is: Cold here. What is this guy? Behind the scenes, right then? He reads: a static code analysis engine that was based on more than 13 years of research by the people of the University of Oxford. Then it was a team from a research laboratory of 30 people.
A
And this tool that it was created to be a code quality analysis tool and we saw the great potential it had to be able to do security analysis because it was looking for code behavior, and vulnerability is nothing more than an undesirable behavior within a code engine within a code base, right then. It was from there that the Advanced Security code came about, which these people put.
A
For Advance, the Security for the apology for the coldwell fabric created thinking about being a tool of code quality. It also has colors that will look for bad behavior for non-standard language, for several other things that are not Salvador skills. Yet so they will compose this framework of solutions in there and the cards they can be customized. We can't create new colors and you can regroup the ones that already exist in squares in order to validate, to be able to assemble the analyses that are standardized to our demands as well. And.
A
So how does it work? Let's say these sets, these groups of Claro. We have more than 1,700, almost two thousand letters that are written by the engineers of GitHub and that they are automatically available to all. Users are clear that they will look there for known vulnerabilities in the community, but also for code quality things such as good language practices such as efficiency, maintainability and rehabilitation. The.
A
Ability to read this one Hair will have the blocks written by the community will serve the researchers of security will be companies like Microsoft, Google, Uber house. That will be writing with them. That will be incorporated all the time within the set of frames that will be available to be able to go out so that the analyses can be carried out and they will have colors that are custom clears, and the user himself can write a clear that at times he can choose if he wants to contribute back to the community.
A
You want to save to run only in his code base and this fourth, he wrote because sometimes he wants to look for a specific behavior of the applications he develops or not. He is a researcher of security, wrote a Harry, and now he wants to contribute back to the community. Also because of that, right, then what he was talking about at the same time that it is a declarative language, i.e., it doesn't perform operations inside your code.
A
It won't insert new behaviors; it's a mixture of an object-oriented language with a face. I. Remember: that's why it mixes the two, but has several ready-made libraries that the pain of it is enough to say that he developed it to be able to facilitate the work people and, more importantly, it has tools like if there and as extensions of the idea. So you can put it on your back side Cold and have a frameset running before you even put the code in the web trash or if you have been developing your own words.
A
You can test this locally to see their behavior and to see how they are working before publishing or before opening a curriculum you too Hi and then just for us to finalize how they work, right. So the secret of everything is inside the CodeQL extractor, but it works differently when we have interpreted languages and compiled languages, so for interpreted languages, the extractor works as to build this dependency.
A
Graph that will be stored in the database, so it takes the code base and the extractor is going to assemble. The o will go again. The extractor is built on top of the language interpreter, right, to be able to reuse the logic that is already in me and it will put it, will monitor and the data flows that exist inside and assemble this database and compiled languages. It is necessary to pass that the build happened.
A
A
A
Exactly so, we're closing the time here, first of all and for everyone to participate in the universe tomorrow and then so Wednesday, Thursday we'll have an international event. It's free on the hit Rehab Universo.com. You can sign up and create your own timetable for all the sessions that will take place, so keep an eye out and sign up there. So you can have more information and see what it will be and see the agenda available for each day.
A
B
A
The beauty guys so we'll see you here in the room of one in 10 seconds now.