From YouTube: KubeCon NA 2022 Code Challenge
Description
In this video, Brendan describes the GitLab Code Challenge at KubeCon North America in Detroit. Complete fun challenges and learn how GitLab can scan your dependencies for known vulnerabilities and create provenance metadata to support SLSA Level 2 compliance.
To join the Code Challenge, visit https://codechallenge.dev
For complete rules, please see https://about.gitlab.com/community/sweepstakes/kubecon-na-2022-code-challenge/.
A
Hi, yeah, so I'm, my name is Brendan and I want to take you through the KubeCon North America 2022 Code Challenge that you can find at the GitLab booth and just kind of talk through what we're learning in this one. So the challenge has three levels and they're kind of increasing in complexity. So the first level is a relatively simple one to accomplish, but brings in some really important features that I wanted to talk about.
A
So when you click on the snippet you'll get this little bit of code that you just need to add to the top of the .gitlab-ci.yml. So once you've forked the project, you'll go to your version of the project and edit the .gitlab-ci.yml just to add that to the top, all right, and then make a merge request back to the main part of the project, I mean upstream project, and that's a very small little piece of code. Let's look at that again.
A
It says Runner generate artifacts metadata, and so what does that do? Well, that's actually going to generate the SLSA Level 2 metadata that's required to achieve Level 2 SLSA compliance. So, as you can see here, the provenance of the build and the outputs of the build, the artifacts that are created, are one of the requirements. There's a lot of requirements here, but one of the requirements for SLSA Level 2, and so by just turning on that flag, GitLab.
A
Actually, the GitLab Runner will automatically generate that metadata and include it with the artifacts that it creates. So I think we can see that here. If we look at a previous merge request here, we can see the artifacts are here and those, that artifact will actually include that JSON file with that metadata. And then the second thing we're going to do is we're going to learn about GitLab Dependency Scanning. So another critical part to supply chain security is, of course, scanning for known vulnerabilities in your dependencies, and that's also very easy.
A
But when you do that, you're going to then get the security scan and you can see the details of it here and also view a full report about it and all of the, you know, any and all CVEs that were found. And for a bonus point, bonus internet points, you can try and fix any vulnerabilities you do find. Hope you enjoy the Code Challenge, and I can't wait to see everyone at KubeCon 2022 North America. Thanks.