From YouTube: Delivering code to car with Tekton and GitHub Advanced Security - GitHub Universe 2020
Description
Presented by
Dan Hebberd, Senior Engineer, TRI-AD
Gwenn Etourneau, Senior Infrastructure Engineer, TRI-AD
For more from GitHub Universe 2020, visit https://githubuniverse.com
B
I've included a bunch of photos of what it's like to work at TRI-AD in more relatively normal times. You can see my messy standing desk down there in the bottom left. You can see where Gwenn's team would normally sit in the bottom right, and you can see our next-generation usability simulator in the sort of middle bottom there.
B
So today, vehicle software developers face a lot of challenges. We're hoping to solve some of these challenges with Arene, and here's a few important points to discuss today. First of all, the process through which developers develop for vehicles suffers from long planning and development cycles, and developers typically have limited opportunity to deploy and test their code. So developer agility is reduced, or opportunities for developer agility are reduced.
B
The tools and services which developers use to build and test are usually quite limited in terms of options for scalability, in particular with respect to frequency of testing. Every line of code which a developer writes needs to be traceable, all the way from requirements to code in the, and every artifact which we produce from code to car needs to be immutable.
B
So examples include integrating status to the use of SARIF, and through the use of LGTM Enterprise, we can integrate the experience we provide to our developers in our GitHub environment back to our GitLab.
B
Super importantly for us, through the use of CodeQL, we can create custom rules for scanning important requirements and standards, particularly with respect to safety and security.
B
So it's our goal to produce the world's safest vehicle. Safety and security are of critical importance to us and, as such, implementation of tools, workflows and processes to both guide, simplify and enhance capabilities to conform to and exceed the expectations of these standards is again of critical importance.
B
And rule sets which assist in compliance with these standards are AUTOSAR C++14 and seis c 134, and we've engaged with GitHub to create CodeQL rules for scanning against these two rule sets, and integration of those scans into the familiar GitHub interface and into the VS Code IDE, as I mentioned earlier. And it's our intent to work with GitHub to open source these rules for broader community use and more rapid adoption of our platform.
A
So now it's important to understand how the workflow for code to the car differs from a typical software delivery workflow. For common software, the steps or jobs are when you check out your code, you do unit testing, then integration testing, and then finally you deploy, and you may have functional testing.
A
Of course, this is a really general concept and some workflows or pipelines may differ, but I think this is pretty accurate. Most of those steps are primarily synchronous, meaning the workflow doesn't really need to have a pause or long pause between steps or jobs, and often does not involve human interaction or process validation.
A
Now, if we look at delivering code to the car, this involves a lot of different steps. Of course, we do have the usual suspects, checkout, unit testing, but where the complications start to happen is when we need to do software simulation, which requires a lot of CPU or GPU, a lot. Hardware simulation with specific hardware, which requires a lot of effort to integrate. Same for this ECU.
A
So to reason a bit for the workflow code to the car, we need to integrate different hardware and processes, which can be manual with human interaction or not. Simulation, again: we need specific hardware, which includes sensors, for example cameras. For the software simulation, again, we need GPUs, and a lot of them, and simulation tasks could take minutes, hours or even days to run, so we really need a way to pause the workflow. Same with the checks and uploads.
A
Most of those processes are and most likely interact with one or multiple persons. We can imagine even interacting with different companies, for example a third-party company for certification, and then those checks include compliance and, again, this is where GitHub Advanced Security is going to help us and for.
A
One of them that we made clear in the present slide is that we need to be able to pause the workflow, which Tekton allows to do. Tekton is built on top of Kubernetes; it's a kind of extension for the Kubernetes API, what we call custom resources definition, and one interesting feature is that Tekton can call other CRDs natively, like we have our own custom CRD, and this allows us to extend the workflow as we want, for example, again, approval process, specific simulation needs.
A
Basically, everything we want to implement could be a part of the workflow. Of course, because it runs on top of Kubernetes, it does support all the magic level: node GPU scheduling, autoscaling. This workflow is required to be scalable, and for the part running on top of Kubernetes, for example the GPU, we just need to add resources to our Kubernetes cluster. And some of those steps could be complex, but thanks to the Kubernetes integration and the Tekton flexibility.
A
We want to remove the complexity out of the developer's hands, so the tooling is integrated and the developer has one press for the code to the car. The workflow by default is scalable and flexible by defaulting the offload. Again, we bring the safety, the security, the standard compliance, cultural rules and then, as I said before, flexibility and immutability, it's a core function of the workflow system, and with that I think we will improve the developer experience for code to the camera, and then from that I will give back the hand to my teammate Daniel.
B
So, as you heard today, we have an exciting and challenging mission ahead here at TRI-AD with our Arene product.