7 Sep 2023
In this video, Oscar Tovar, Senior Backend Engineer on the Composition Analysis team, demos an upcoming feature of Continuous Vulnerability Scanning. With Continuous Vulnerability Scanning, detecting new vulnerabilities in existing components will no longer require re-running a dependency scanning job. Instead, existing software components will automatically be analyzed to see if they are affected by a new advisory.
----
Epic: https://gitlab.com/groups/gitlab-org/-/epics/10025
- 1 participant
- 4 minutes
7 Sep 2023
This is a prototype demo of how we can ingest OS packages and advisories from trivy-db into the external license-db.
It shows how we read trivy-db data and then feed it to the advisory processor, which is responsible for storing it in the database.
- 2 participants
- 18 minutes
6 Jun 2023
This is the last part of a series of demos about Ingesting Dependency Scanning advisories. You can find the other demos here:
- Advisory Feeder - Part 1: https://www.youtube.com/watch?v=s1IhnVYYJXk&ab_channel=GitLabUnfiltered
- Advisory Processor - Part 2: https://www.youtube.com/watch?v=jpvxh2BNipA&ab_channel=GitLabUnfiltered
- 1 participant
- 12 minutes
26 Apr 2023
Following on https://www.youtube.com/watch?v=s1IhnVYYJXk&list=PL05JrBw4t0Kpke91zoZQBB2a5acS6V3XK&index=6 this demonstrates the next step of the Advisory Ingestion process: the advisory-processor.
- 1 participant
- 7 minutes
4 Apr 2023
Demo of SBOM report generation in Container Scanning for Trivy-based analyzers.
This contributes to the Continuous Vulnerability Scans feature by allowing components detected in container images to be ingested.
- 1 participant
- <1 minute
27 Mar 2023
This video presents the outcomes of our spikes and planning breakdown for Continuous Vulnerability Scans high level epics.
Warning: in this video the planning view is DRAFT and not reflective of our expectations to deliver the work.
- 3 participants
- 20 minutes
5 Mar 2023
This is part of a series of videos on the development of the Continuous Vulnerability Scans. Here we present the initial planning for this project to give a quick look at our expected due date. Please keep in mind that at this point the level of predictability is pretty low and we need to further break down these high-level tasks to refine the planning.
You might want to watch the Overview first at: https://www.youtube.com/watch?v=ahl8gTkuWZ4
You can read more on the corresponding epic: https://gitlab.com/groups/gitlab-org/-/epics/7886
- 1 participant
- 6 minutes
5 Mar 2023
This is the first video of a series on the development of the Continuous Vulnerability Scans.
You can read more on the corresponding epic: https://gitlab.com/groups/gitlab-org/-/epics/7886
- 1 participant
- 12 minutes