From YouTube: GitLab 12.6 Kickoff - Secure: Composition Analysis
Description
You can see more about our kickoff here:
https://about.gitlab.com/direction/kickoff/
and
https://www.youtube.com/watch?v=Q-6LNTSkE8M&list=PL05JrBw4t0KqeXr-LNNOBDaxtaZtAAkak
and please take our survey to help us improve our Kickoff if you are willing (it is in Google Forms)
https://docs.google.com/forms/d/e/1FAIpQLSdNyIB_Rk3rn2-PI-5dWhb7rUfBLmGziTlbmeKYP-mFQEESQQ/viewform?usp=sf_link
A
So specifically, the issues that we have for twelve six right now that are release post item worthy, which means these will be complete in of themselves or they're the last piece of an epic going out: we have a new policy tab coming to license compliance, which means that people can proactively go see the licenses that are new license, policies that are in place and make sure that what they're planning to do is in compliance with that. Before, it was only the people who were able to set it who would be able to see a full list; everybody else would see a list related to the work that they were doing only. And that's gonna get added to the nav section for easy finding.

Also, we've got the dependency scanning for Python should support a variety of text file inputs, so that there's a little more flexibility for the way people are setting up their projects. And we want to support PHP composer lock-in license compliance. We want to have dependency scanning available for those of you with Gradle projects. And the last release posts where the item is that we want to add SBT in dependency scanning as a package manager that is supported.

Now, other than release post items, we do have some customer requested items, for example, use the DS underscore Python variable; make sure that we're working towards air-gapped or offline support for dependency scanning. This one is one piece of multiple, so completing this will not complete that entire project, but it's moving us toward. They're also doing some discovery around having offline or air-gapped license compliance, and we're gonna start looking at ingesting Go vulnerabilities.
A
So that's our work right now for twelve six. You may have noticed there was a bunch of rollover from twelve five. We're hoping that we groomed everything and weighted it correctly for twelve six, so there won't be a lot of rollover at the end of this release. I hope you all are as excited to see some of the new language supports and the expansion of our availability into different areas.