From YouTube: GitLab 12.9 Kickoff - Secure:Composition Analysis
Description
GitLab 12.9 Kickoff for the Secure Stage, Composition Analysis team
A
Hi, so my name is Nicole Schwarz and I'm the PM for the Composition Analysis team within Secure, and we're about to go over our 12.9 items for the kickoff that are direction level or release post level, and then we can go over any questions after we go through them. So the first one I've got is that we're going to work on supporting air-gapped dependency scanning for JavaScript through our Retire.js analyzer.
A
So we have a lot of different analyzers that make up our dependency scanning category, and for this particular 12.9 we're going to concentrate on documenting and fixing some items to make sure that this will work in a limited connectivity or no connectivity environment. There's a couple of caches here that you can read about with SAST and some of our other tools and our already air-gap support, which involve you having to download all the analyzers in advance and do some configuration work. But we're going to have all of that documented as part of this issue.
A
So if you are interested in this topic at all, please comment in this issue so that you can participate in the questions we're going to ask. Maybe when we get to prototyping you'd be able to help us click through and give us feedback on that. So I would just love to know your scenarios and situations, so please comment on that issue. And then the last item we've got is actually a deprecation, and so this one won't affect most people.
A
We're going to look at data migration, if that's possible, and all sorts of other implications. So if you have written any kind of scripting or integration, you'll probably want to follow along in this issue. You can also feel free to comment with your thoughts and, if you've run into this confusion, we definitely want to hear from you around what would help. So that's my four items. Does anybody have any questions about why we're doing these, or any questions about more about what the outcome's going to be? Nope? Nope.