A
Cool. Hi, I'm Sid, co-founder and CEO at GitLab, and I want to talk a bit about compliance with GitLab. We want to help our customers be compliant, but I think there's a lot more we can do than we're doing today, and part of the cause of that might be that that effort is not split up amongst multiple stages in care plan. We have our managed stage, we have our fair verify stage, we have our secure stage, and they are all important for compliance.
A
There's things I would love to see and get laughed at, I think our customers need. For example, today you can run your security tests with other Devils dependency scanning, obtain your scanning static and dynamic code analysis. However, if you don't run the test, there's no consequence to that. That should be the biggest flag, like, if you don't run a test. Ax is a much bigger problem than actually finding vulnerabilities. If you haven't run the test, you don't know what's out there; it could be way worse.
A
It's also about different environments having different rules. For example, there could be some environments that, just before the holiday season, you don't want any deployments there without someone authorizing them. So can we set kind of windows for certain environments? Can we set things where the security team has to review the application every X amount of time?
A
It's important that we have a vision on this ourselves. For example, blocking things from being released that don't make the situation worse can actually be super detrimental to, like, the cycle time of companies and their ability to handle, like, user problems.
A
set of security problems. Saying things like, hey, every 10 releases we want to do a penetration test, I think is detrimental to splitting work up in little small pieces that we know canning can help make their cycle time faster.
A
So I have to be really smart with how we design these things, and we have to allow our customers to consume these things via API, but I do know that we have to get a lot better at making sure all these gates are in the products. The ability to customize these things can add enormous value for our customers. You see that great companies like Salesforce and like ServiceNow, they allow customers to customize these things and they go beyond being just an application. They become a platform and I think I'd get live.
A
We should have the same ambition where we have many of these things that make sense for the customers to quickly use, and we can be inspired by other developments in the industry like AWS Config, that is already helping customers be compliant. We have a lot of customers in the financial sector, in the health sector, and I think over time every company that ships software should have controls in place, whether they're legally required or not. You just want that as a best practice and give up should be leading that effort. Thanks.