►
From YouTube: 14.10 Monthly Release Kickoff (Public Livestream)
Description
2022-03-21
A
A
Hillary
benson,
director
of
our
director
of
product
for
our
sex
section
will
provide
sec
updates.
Kenny
johnson
senior
director
of
product
for
the
ops
section
will
be
providing
us.
Our
ops
updates,
josh
lambert
director
of
product
for
our
enablement
section,
will
obviously
be
giving
us
our
environment
updates
and
then
or
equal
in
it
go
lewinsky
group
manager
for
the
managed
stage
will
bring
us
along
with
that
section
updates.
A
A
Think
of
me
as
a
lawyer,
as
I
read
this
to
so
on,
this
live
stream.
We
will
be
discussing
our
product
roadmap,
which
includes
upcoming
features
and
functionality.
It
is
important
to
note
that
the
information
presented
is
for
informational
purposes.
Only
please
do
not
rely
on
it
for
purchasing
or
planning
decisions
complaining
viciously
here
at
gitlab
and
all
the
details
on
this
live
stream
are
subject
to
change.
C
All
right
so,
as
is
usually
the
case,
sec
has
a
number
of
things
going
on
in
this
release
and
is
largely
focused
on
work
that
supports
our
fiscal
23
theme
of
improving
key
workflow
usability.
So
the
static
analysis
team
is
continuing
their
work
to
transition
our
various
language,
specific
open
source
analyzers
to
some
grep.
So
this
month,
they're
focused
on
java
workloads
and
are
migrating
java
sas
coverage
from
spot
bugs
to
some
grub.
C
C
Dynamic
analysis
team
is
working
this
milestone
to
solve
some
pain
points
in
the
on-demand
das
configuration
workflow,
so
the
goals
here
are
to
improve
learnability
and
to
make
it
easier
to
customize
from
the
configuration
workflow
how
and
when
a
given
asset
should
be
scanned,
as
well
as
which
types
of
vulnerabilities
the
scanner
should
highlight,
which
makes
it
easier
to
reduce
the
noise
associated
with
irrelevant
gas
bindings.
C
Additionally,
the
dynamic
analysis
team
is
working
on
continuing
to
mature
out
our
browser-based
gas
scanner
by
continuing
to
deliver
additional
passive
vulnerability
checks.
This
release
composition:
analysis
team
is
hard
at
work
this
month
on
giving
customers
the
ability
to
export
a
software
build
materials
from
gitlab
in
cyclone
vx
format.
Cyclone
dx
is
just
one
of
two.
C
The
most
popular
standard
formats
used
to
produce
software
builder
materials
and
the
point
of
an
sbom
is
to
provide
a
comprehensive
inventory
of
all
the
components
that
make
up
your
software,
as
well
as
any
security
issues
that
are
associated
with
those
components
so
from
the
customer
perspective,
s-bumps
provide
kind
of
key
visibility
into
open
security
issues
that
require
their
attention
and
it's
also
a
key
component
in
our
broader
story.
Around
software
supply
chain
security,
the
threat
insights
team
is
wrapping
up
work
to
enforce
validation
of
security
reports.
C
The
container
security
team
is
continuing
work
on
their
scan
result
policies,
so
this
month
the
focus
is
on
workflow
changes
that
will
allow
customers
to
view
security
approval
policies
in
the
same
location
as
merge
request
approvals.
So
if
you
take
a
look
at
this,
this
is
sort
of
what
this
looks
like
so
in
the
same
place
that
you're
looking
at
your
proof
of
role
as
you
can
see
security
policies
as
well
and
then.
C
Finally,
the
container
security
team
is
also
working
on
integrating
incorporating
the
gitlab
advisory
database
as
an
additional
data
source
for
the
container
scanning
analyzer.
So
this
will
give
customers
the
ability
to
detect
vulnerabilities
that
are
discovered
by
our
in-house
vulnerability.
Research
team
and
those
are
the
highlights
of
what
secure
protector
up
to
this
release.
With
that
I'll
hand,
it
over
to
kenny
to
take
us
through
what
ops
is
working
on
this
month.
D
Awesome
thanks
hilary
yeah,
my
name
is
kenny,
I'm
going
to
be
covering
the
ops
section.
As
a
reminder,
the
op
section
includes
the
stages
of
verify
package
release
configure
and
monitor
before
we
talked
about
some
of
the
exciting
things
that
we're
working
on
in
the
1410
release.
I
did
want
to
take
a
moment
to
pause
and
say
thank
you
to
the
entire
ops
section.
D
Over
the
last
six
months,
we've
had
a
heavy
focus
on
security,
efficiency,
reliability
and
scalability
across
the
platform,
and
we've
seen
that
pay
off,
not
just
in
our
devops
platform
being
able
to
scale
for
our
users
and
a
reduction
of
the
cost
to
run
that
platform
for
our
users,
but
we've
also
seen
usage
increase
throughout.
In
fact,
in
february
we
saw
some
of
the
highest
usage
numbers
we've
ever
seen,
which
shows
that
there's
a
real
buy-in
to
the
complete
devops
platform.
D
As
we
see
usage
span,
you
know
not
just
verify,
but
package
release,
configure
and
monitor
and
adoption
across
all
five,
so
great
work
team
to
talk
about
some
of
the
specifics.
I'm
all
most
of
these
fall
in
the
the
our
fy23
theme
of
extend
our
lead
nci.
So
I'm
gonna
jump
into
first
up
our
cicd
component
catalog,
so
we've
been
working
on
problem
validation
for
our
component
catalog
for
the
last
couple
of
releases
and
we're
going
to
start
on
solution,
validation.
This
release,
including
a
number
of
pocs
and
spikes.
D
D
Also
in
the
ci
group,
we're
going
to
be
working
on
a
really
common,
commonly
requested
feature,
which
is
the
ability
to
trigger
pipelines
based
on
when
a
draft
status
is
removed
so
commonly
you
can
write
rules
that
determine
when
pipeline
jobs
are
run,
but
it's
been
difficult
in
the
past
to
distinguish
between
a
job
that
was
for
a
merge
request
that
was
still
in
draft
state.
Doing
so
enables
you
to
do
things
like
run.
Maybe
your
basic
linting
on
draft
mrs
and
save
more
advanced
unit
tests
for
when
the
draft
is
removed.
D
D
The
next
couple
of
items
are
going
to
be
in
our
runner
fleet
vision.
So,
as
a
reminder,
one
of
our
big
investment
themes
for
fy23
is
improving
the
ability
to
manage
large
fleets
of
runners
that
are
increasingly
utilized
for
running
complex
ci
cd
jobs.
So
the
first
step
is
going
to
be
improving
the
edit
view
of
runners.
D
The
next
set
of
improvements
that
I
want
to
highlight
are
all
around
improving
the
deployment
experience.
The
first
one
is
about
improving
the
registration
process
for
our
kubernetes
agent.
The
kubernetes
agent
is
a
really
fundamental
piece
of
technology
that
we
began
work
on
about
a
year
ago
and
is
now
fundamental
to
how
we
envision
management
of
kubernetes
workloads
within
gitlab.
D
We're
also
going
to
be
improving
the
way
that
you
manage
environments
in
git
lab
we've
announced
in
previous
releases
that
you
can
determine
the
tier
of
an
environment
so
whether
it's
production
staging
or
testing,
for
example,
and
we're
going
to
begin
displaying
that
in
the
environments
page
alongside
the
environment,
you
can
see
an
example
here
where
the
main
branch
has
a
specific
environment.
That's
labeled
as
production
and
others
are
labeled
as
staging
and
testing
we're,
also
going
to
be
improving
the
design
of
the
approval
requests
for
deployments.
D
So
in
1408
we
added
the
ability
to
have
specific
approvals
and
approval
comments
when
performing
a
deployment
approval.
We
also
want
to
make
sure
that,
if
you're
assigned
in
a
deployment
to
approve
that
you
get
notified,
so
we're
going
to
be
adding
approval
notifications
to
your
to-do
list
within
gitlab.
Here's
an
example
of
that
here,
where,
with
a
nice
to-do,
showcasing
that
there's
a
pending
production
deployment
for
chris
to
approve
we're,
also
going
to
be
working
on
review
apps.
D
So
today,
when
you're
review
ups
are
a
really
powerful
piece
of
technology
within
the
gitlab
platform
that
enables
active
collaboration
on
temporary
versions
of
an
application
based
on
the
code.
That's
under
review.
The
review
app
today,
though,
is
sometimes
hard
to
find
within
a
merge
request.
We're
going
to
be
improving
the
consistency
of
exactly
where
a
review
app
appears.
D
The
link
to
a
review
appears
in
an
mr
and
we're
also
going
to
be
improving
the
process
for
enabling
review
apps
by
giving
much
more
robust
installation
and
setup
documentation,
so
that
users
can
quickly
add
review
apps
into
their
pipelines.
Those
are
the
things
that
I'm
really
excited
about
across
the
ops
section
focused
on
our
fy
theme
of
extending
our
lead
in
ci
cd.
With
that,
I
will
hand
it
over
to
josh
to
talk
about
enablement,
highlights.
E
Thanks
kenny,
those
are
some
really
exciting
highlights
and
I
can't
wait
for
them.
I
will
also
jump
into,
as
I
mentioned,
our
enablement
section
highlights
here
I'll,
be
focusing
on
the
gitlab
hosted
first
theme
for
this
particular
kickoff
video,
but
we
do
have
a
lot
of
other
great
changes
and
features
coming.
So
please
dude,
if
you
have
time,
take
a
look
at
our
kickoff
video
playlist
to
review
in
more
detail
all
of
our
groups,
so
with
that,
let's
jump
into
the
key
highlight
supporting
get
them
hosted.
E
First
from
enablement
for
this
release,
the
first
one
is
in
our
advanced
search
group
and
our
desire
is
to
be
compatible
with
the
latest
elastic,
search
and
open
search
versions.
Today
we
have
support
for
the
7.x
branch
and
the
6.8
branches
of
elasticsearch
or
versions,
and
those
are
getting
to
be
old,
and
so
we
want
to
make
sure
we
can
give
our
customers
support
for
the
newer
elasticsearch
versions
8.x
as
well
as
also
have
support
for
those
who
want
it
for
open
search.
Our
customers
are
looking
for
both.
E
So
we
are
looking
to
add
some
additional
investigation
and
work
in
this
current
release.
With
the
goal
of
adding
official
support
in
15.00,
because
we
will
have
to
deprecate
6.x
support
in
order
to
support
these
newer
versions,
so
keep
that
in
mind.
But
we
are
looking
forward
to
adding
support
for
these
new
versions
as
well.
We
think
it's
worth
it
from
there.
E
It
can
only
take
advantage
of
one
core
of
the
machine
and,
as
many
of
you
know,
a
lot
of
our
newer
machines,
even
your
laptops
have
multiple
cores,
and
so
this
can
lead
to
relatively
inefficient
use
of
the
hardware
and
so
we're
adding
support
to
have
multiple
instances
of
pg
balancer
running
on
a
single
piece
of
hardware
to
better
make
use
of
that
before
having
to
go
and
scale
out
horizontally.
If
you
don't
need
to
so
some
nice
efficiency
improvements
there.
E
With
this
change
from
there,
we
can
move
on
to
our
memory
group,
who
is
working
on
moving
our
metrics
collection
process
out
of
our
main
kind
of
application
core.
If
you
will
so
right
now,
for
example,
with
puma,
that's
our
web
server.
We
actually
do
a
lot
of
the
metrics
collection
inside
of
our
web
server
process,
and
so
there's
any
problems
with
that
metrics
collection.
E
It
can
affect
the
overall
ability
to
serve
web
pages,
which
isn't
great,
and
so
we
are
in
this
release,
working
to
just
move
that
metrics
collection
process
out
of
the
main
puma
process
or
web
server
process
to
make
it
more
available
and
resilient.
So
if
it
is
a
problem,
it
doesn't
affect
the
rest
of
the
core
delivery
job,
if
you
will
of
certain
web
pages.
So
looking
forward
to
that,
and
then
we'll
work
to
continue
to
optimize
this
process,
but
the
key
goal
here
is
moving
it
up.
E
First
from
there,
we
are
also
continuing
our
journey
to
move
all
of
our
data
types
for
juri
application
over
to
our
self-service
framework.
This
is
a
framework
that
has
all
the
features
for
replication
verification
and
it's
all
common,
as
opposed
to
the
previous
model
of
having
kind
of
one-off
code
for
every
single
data
type,
which
wasn't
very
scalable.
E
We
built
this
tool
to
help
with
our
large
pk
migration.
We
did
last
year,
which
was
very
successful,
and
we
effectively
built
a
much
more
robust
database
migration
tool
for
rails
code,
and
so
we'd
like
to
make
this
the
default
for
all
changes
in
gitlab,
as
well
as,
ultimately
long
term
likely
contribute
this
backup
stream.
E
We
are
also
continuing
to
work
to
help
throttle
large
data
changes
and
to
start
off
with
we'll
be
doing
this
work
inside
of
that
kind
of
batch
by
migration
service,
and
so
what
we
like
to
do
is
if
we
see
a
lot
of
database
change
happening
at
once,
more
so
than
the
database
can
handle.
We
can
automatically
slow
it
down
and
wait
for
it
to
pick
up
so
we're
working
on
this
to
help
prevent
potential
degradations
of
the
service.
If
we
have
a
sort
of
overzealous
migration
happening
in
the
first
pass.
E
F
Thanks
josh
lots
of
things
to
look
forward
to
I'm,
especially
looking
forward
to
the
database
batch
migration,
so
my
name
is
reed
and
I'm
the
group
product
manager
for
the
manage
stage.
I
will
highlight
some
of
the
things
that
the
dev
section
is
going
to
be
working
on.
The
groups
are
working
on
a
lot
of
things,
but
I'm
captain
time,
so
I
don't
have
time
to
go
through
all
the
great
initiatives.
F
So
if
you
are
really
interested,
please
check
out
the
individual
planning
issues
or
direction
pages
for
further
information
and
I'll
get
started
so
align
to
our
themes.
The
gitlab
hosted
first
theme:
the
workspace
team
is
working
on
api
support
for
user
management.
This
lays
down
the
foundation
for
bulk
actions
on
users
and
in
this
iteration
we're
going
to
allow
changing
max
roles
of
users
for
a
group.
So
we
will
continue
building
on
this,
but
this
lays
down
the
that
foundation
for
for
actions
on
multiple
users.
F
Many
of
the
devs
section
groups
are
working
on
high
priority
security,
fixed
compliance
and
performance
issues
aligned
to
this
theme
and
for
the
next
theme
we're
going
to
talk
about
improving
key
workflow
usability.
F
So
the
authentication
authorization
group
is
working
on
adding
password
policy
settings
and
really
making
making
it
configurable
to
make
complex
password
settings.
So
before
in
the
settings,
you
could
create
the
minimum
password
links
in
this
milestone,
we're
going
to
add,
allowing
to
configure
different
complexity,
settings
like
num
numbers,
uppercase
and
so
on,
and
when
a
user
inserts
their
password
for
the
first
time,
it
will
also
have
a
validation
that
tells
you
whether
or
not
this
complies
to
the
to
the
new
password
policy.
F
Moving
on
to
the
compliance
team,
the
compliance
group
is
going
to
be
finishing
the
work
to
improve
the
user
experience
for
the
compliance
report,
which
you
can
see
right
here.
The
compliance
report
is
now
going
to
display
all
individual
merge
request,
violations
that
have
occurred
in
projects
over
time,
and
this
is
net
new
information,
since
we
previously
only
showed
the
latest
merge
requests
that
had
any
valuations.
This
is
also
going
to
show
us
historical
violations
so
really
excited
about
that.
F
The
product
planning
team
is
working
on
confidential
notes
and
they're
going
to
bring
this
over
the
finish
line
and
get
it
ready
for
ga.
This
is
a
community
contribution
that
was
never
finished
but
and
has
been
behind
the
feature
flag
for
quite
a
quite
a
while.
This
feature
allows
users
to
create
comments
that
can
only
be
viewed
by
members
of
a
project
with
specific
roles.
So
it
looks
something
like
this
in
terms
of
the
ui
and
wrapping
this
up
and
releasing.
F
It
also
aligns
with
an
internal
ocr
that
we
have
to
reduce
the
number
of
feature
flags
and
draft
features
that
we
have
in
our
product
so
really
exciting.
To
see
this
become
ga,
our
giddily
group
is
going
to
be
working
on
an
mvc
for
incremental
backup,
backup
solution,
which
is
really
really
cool.
Full
backup
consumes
system
resources,
and
it
takes
a
really
long
time
to
execute,
and
sometimes
that
even
causes
the
system
to
be
unusable
and
unstable,
so
incremental
backup
is
really
exciting
and
it's
going
to
be
nvc.
F
We're
really
excited
to
get
some
feedback
from
our
gitly
cluster
users.
For
this
and
last
tying
into
our
last
theme
for
extending
our
lead
in
ci
cd,
the
optimize
team
is
adding
our
fourth
metric.
This
is
going
to
complete
the
whole
series
of
our
dora
4
metrics
for
api
support.
This
adds
api
support
for
a
change
failure
rate
and
the
change
failure
rate
is
calculated
as
the
percentage
of
deployments
that
cause
a
degradation
of
service
and
monitoring.
This
will
allow
teams
to
get
observability
and
continuously
improving
their
stability.
F
A
And
thank
you
presenters.
We
had
another
really
great
kickoff
call
today.
There
are
lots
of
great
things
coming
as
reid
said,
there's
not
enough
time
for
me
to
highlight
them
all
for
you.
I
shouldn't
have
enough
time
to
go
for
the
death
section,
nor
did
kenny
hillary
or
josh
for
their
sections.
But
here
are
a
couple
that
jumped
out
to
me
bye
feed.
A
Forget
it
hosted
first
compatibility
for
elasticsearch
and
open
search
with
advanced
search
geo,
moving
data
types,
existing
data
types
to
our
self-service
framework,
batch
database,
background,
migrations
and
api
support
for
user
management
and
improved
keyword,
full
usability
support,
s-bom
export
into
cyclone
dx
desk
on
demand
configuration
workflow
changes,
allow
customers
to
view
security,
approval
policies
alongside
their
merge,
request,
approval
roles,
confidential
comments
on
issues
epics
and
merge,
requests
and
roll
out
of
an
mvc
for
our
getaway
backup
or
incremental
backup
solution
and
our
last
theme,
and
maybe
we
can
use
kenny's
new
name
for
today,
which
is
accelerate
our
lead
in
ci
cd.
A
A
Again,
we
went
through
a
lot
of
stuff
today.
Please
check
out
the
release.
Kickoff
page
for
a
full
list
of
items
also
feel
free
to
engage
and
collaborate
by
leaving
comments
and
liking
them,
as
you
review
them,
and
as
always,
thank
you.
Everyone
for
watching
and
joining
this
release.
Kickoff
have
a
great
day.