►
From YouTube: GitLab 12.6 Kickoff - Secure:Dynamic Analysis
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
So
for
the
12.6
release,
we're
looking
at
items
that
are
marked
for
deliverable,
so
these
are
our
items
that
are
committed
for
this
release.
We
have
other
items
that
we
label
with
stretch
goals
and,
of
course,
for
things
like
technical
items,
you
can
review
those
as
well
like
everything
here
at
gate
lab
this
issue
board
is
public.
If
you
look
for
the
SD
planning
board
and
you'll
find
these
items
under
the
12:6
release.
Right
now,
I've
got
this
filter
down
to
just
Center
deliverable
and
Direction
items.
So
this
release.
A
So
the
group
security
dashboard
is
a
great
place
to
see
an
overview
of
all
of
the
scan
and
the
threat
activity
inside
of
all
of
the
projects
that
are
inside
that
group
now,
one
of
the
things
that
we
want
to
make
it
easier
to
do
is
to
get
a
quick
high-level
overview
of
what
needs
your
attention.
So
we
have
this
proposed
grading
system
which
will
show
the
detail
Footwear
of
looking
at
here.
A
So
this
would
be
the
group
security
dashboard.
You
can
see
the
typical
list
of
all
of
the
vulnerabilities
across
all
of
the
different
types.
Now,
of
course,
you
can
filter
by
specific
projects,
but
what
we're
proposing
adding
here
is
this
little
project
security
status,
basically
a
grade
and
how
many
projects
are
there
within
each
one.
So
this
can
easily
sort
of
narrow
focus
to
things
that
are
with
a
grade
of
F.
So
if
I
flip
back
over
to
what
this
is
one
critical
active
vulnerability.
A
You'll
notice,
the
little
plus
sign
here
you
can
click
to
quickly,
expand
and
see
which
specific
project
it
is
that
has
that
particular
grade,
and
then
you
can
use
that
to
drill
quickly
into
each
one.
So
this
is
just
more
more
usability
improvements
to
make
the
information
that
is
most
important
to
address
first,
more
readily
accessible
in
the
security
dashboard.
So
this
is
again
in
the
group
security
dashboard
most
affected
projects
will
will
be
displayed
on
the
right-hand
panel
now
and
given
this
letter
grade
according
to
this
rating
system,.
A
A
This
new
configuration
screen
is
where
you
can
see
the
various
scanners,
so
we've
got
our
sassed
desk
container
scanning
dependency
license
compliance
right
now,
so
you
will
see
that
if
something
has
been
enabled,
it
will
show
a
status
of
configured
and
things
that
have
not
yet
been
configured.
It
will
also
be
displayed
here.
A
If
you
have
Auto,
DevOps
enabled
you'll
see
that
everything
is
already
set
to
configure.
Now,
since
this
is
the
MVC,
you
don't
have
the
ability
to
actually
go
in
and
change
the
configuration
options
or
if
something
has
been
enabled
has
been
configured.
You
can't
disable
it
yet
that
will
be
coming
in
a
future
release,
but
this
is
the
first
step
in
allowing
that
kind
of
configuration
directly
from
the
UI
instead
of
having
to
do
it
purely
through
configuration
files.
So
we're
excited
to
see
this
improvement
coming
in
the
12:6
release.
A
Another
12/5
item
that
is
carrying
over
into
12-6
that
we
are
targeting
completion
in
this
release
is
displaying
in
the
mr.
If
a
security
report
is
outdated.
So
a
quick
recap
on
this:
sometimes
the
target
branch-
it's
this
happens,
a
lot
with
a
default
or
the
master
branch.
There
may
be
a
situation
where
the
security
scan
is
stale.
A
So
when
you
go
to
check
in
a
new
feature
branch,
if
that
new
feature
branch
basically
looks
like
it
has
a
lot
of
identified
vulnerabilities
because
it's
not
being
properly
compared
to
the
target
branch,
so
we
are
going
to
be
adding
right
here.
An
indicator
that
says
security
report
is
an
update
so
giving
you
an
option
to
rerun
the
pipeline
for
that
target
branch
and
then
re
running
that
comparison,
so
that
you
actually
have
an
accurate
count
of
the
of
any
potential
new
vulnerabilities
in
the
feature,
branch
versus
the
target
branch.
A
And,
ideally
after
you
run
that
scan,
you
will
see
that
everything
the
numbers
matched
between
the
two
branches
and
then.
Finally,
this
is
one
more
12/5
item
that
is
carrying
over
into
12-6.
We
are
targeting
to
have
delivered
now
is
hiding
dismiss
vulnerabilities
and
the
security
stand.
Excuse
me,
the
security
dashboards.
A
So
you'll
notice,
a
toggle,
add
it
to
the
top
of
the
security
dashboard.
To
make
this
a
little
bigger,
it'll,
say,
hi,
dismissed
and
when
you
toggle
this
or
it'll
be
on
by
default,
it
will
NE,
dismissed
items
will
not
appear
in
the
vulnerability
list,
so
things
that
you've
already
taken
an
action
on
there
just
to
help
to
reduce
clutter
and
again
like
with
the
showing
can
be
the
most
effective
product
projects,
putting
your
attention
on
exactly
what
needs
it
now.