►
From YouTube: DAST Air Gap Live Demo
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
Thanks
time,
yeah,
so
thanks
everyone
for
joining
my
name
is
Jeff
Berger
I'm,
the
engineering
manager
on
the
desk
team
and
we're
gonna
walk
through
setting
up
gas
and
air
adapt
environment.
For
those
of
you
that
are
not
too
familiar
with
gassed
gassed
is
a
dynamic
application,
security
testing
tool
and
it
works
essentially
as
a
spider.
It
will
go
to
your
website
and
that
will
find
vulnerabilities
on
your
website.
So
the
demo
will
will
do
in
four
different
pieces.
We're
gonna
walk
through
the
GCP,
our
Google
Cloud
setup.
B
Will
the
second
piece
was:
we
will
show
how
to
sideload
assets
into
the
Google
cloud
environment
depending
on
you
know
our
customer
setups.
That
step
is
going
to
be
a
little
bit
different,
but
we'll
walk
through
some
scripts
that
some
of
our
customers
may
be
able
to
use.
The
third
thing
we'll
do
is
we'll
set
up.
B
A
gas
can
and
we'll
set
that
up
using
the
traditional
online
setup
and
then
we'll
set
it
up
using
the
script
that
you
would
use
an
air-gapped
environment
and
what
we'll
see
is,
if
you
set
it
up
as
if
it
was
a
non
air-gap
environment,
that
job
will
fail.
If
you
use
the
code
that
is
specifically
designed
for
an
air-gap
environment
that
will
succeed
and
then
the
fourth
step
is
we'll
show
how
this
works
within
the
broader
context
of
gitlab.
B
B
B
The
two
different
servers
that
we
have
set
up-
one
is
our
bastion
host
and
then
the
other
is
our
git
lab
instance,
and
so
both
these
are
set
up
with
limited
access
to
the
Internet
and
I'll
walk
through
that
in
a
second,
the
bastion
is
what
we're
going
to
assess
H
into
and
use
that
to
sideload
a
lot
of
the
assets
into
our
gate,
lab
instance,
on
our
test
server
we've
got
get
lab
setup.
We've
also
got
to
get
Bob
docker
registry,
that's
part
of
that
setup,
and
we
also
have
some
runners.
B
Naturally,
a
number
of
customers
will
probably
have
runners
on
separate
machines,
but
just
for
for
purposes
of
this
demo,
we
put
it
all
on
the
same
machine.
Let's
take
a
look
at
the
test
network
here
and
you
can
take
a
look
at
the
different
rules
that
we
have,
and
this
is
basically
shows
you
how
it's
it's
very
similar
to
a
true
air-gapped.
B
We've
got
a
couple
of
ingress
rules
which
is
port
443
here
and
then
SSH
as
well.
So
that's
going
to
allow
us
just
to
connect
to
the
server
as
a
web
browser
I'm
on
the
secure
port,
but
the
main
rule
that
I
want
to
point
out
is
our
egress
rule,
which
is
right
here,
and
what
you
can
see
is
that
from
all
IP
addresses
it
is
going
to
block
it's
going
to
deny
all
traffic,
and
so
our
get
lab
instance
will
not
be
able
to
talk
to
the
outside
world
and
why?
B
That's
really
important
is
the
registry
images
typically
are
going
to
come
from
registry
get
lab
comm
this
instance
won't
have
access
to
that
and
that's
why
we're
gonna
have
to
sideload
those
images
into
that
environment.
So,
with
that
in
mind,
I'm
gonna
I've
got
to
SSH
terminal
setup.
Here,
one
is
to
a
bastion
host
and
then
the
other
is
to
our
test
host
and
just
to
prove
that
we've
got
air
gap.
What
I'm
going
to
do
is
just
run
a
net
cat
command
here
and
you're.
B
Gonna
see
that
this
is
just
gonna
hang
because
it's
trying
to
access
the
outside
world.
This
is
our
bastion
server
and
then
this
is
our
test
server,
which
again
has
two
lab
running
as
well
as
the
runners,
and
you
see,
this
is
just
starting
to
hang
and
I'm.
Gonna
flip
over
to
my
personal
laptop
here,
as
you
can
see,
is
my
MacBook
and
I'm
just
run
run
the
same
command
here.
B
So
I'm
gonna
run
netcat
on
my
local
machine
and
you'll,
see
I
get
a
successful
connection.
That's
my
local
machine,
but
if
we
go
back
to
the
test,
you
can
see
how
this
is
timing
out
and
it's
not
able
to
connect
so
I
stopped
there
because
I
think
that's
our
first
step
just
to
get
feedback
and
to
get
a
grade.
C
C
So
I
think
it's
if
Kevin
is
satisfied,
we
can
rate
this
as
a
five
or
this
one
does.
It
seem
think
I'm
proving
a
gap.
E
C
E
B
C
E
Know
why
it
didn't
occur
to
me
until
now,
but
in
order
to
get
the
DNS
like
the
IP
address,
it
would
have
to
go
to
the
local
resolver
and
if
it's
not
in
the
local
resolver
of
then
good
forwarded.
So
I,
don't
know
if
that
countess-like
an
outbound
connection,
so
I'm
just
going
to
verify
like
how
it
resolved
the
IP
to
make
sure
that
it.
E
Was
it
was
actually
registered,
so
it's
35,
so
that
is
a
public
IP
address
for
registered
IKEA
lab
comm,
so
I'm
not
sure
where
along?
So?
If
you
do
sorry,
if
I'm
hijacking
it,
but
we
can
run
dig
right
now.
If
you
have
dig
on
there
go,
dig
registered
ocula
calm
and
then
we
could
try
to
see
how
it
resolved.
E
B
F
B
B
B
All
right
perfect,
so
the
next
step
is
I
just
want
to
walk
through
how
we're
gonna
side
load
these.
So
on
my
local
machine
right
here,
I'm
gonna
SSH
into
the
Bastion
from
the
bastion
I'm
gonna,
do
a
dock
or
pull
from
gitlab
comm,
which
is
where
our
registry
images
are
stored.
Those
are
going
to
come
back
to
the
bastion
those
files
will
get
saved
and
tar
balled
we'll
use
an
SCP
to
move
those
over
onto
the
air-gapped
environment
and
then
on
the
air-gapped
environment.
B
B
So
there's
two
documents
that
are
important
to
look
at
the
first
is
going
to
be
this
document,
which
is
the
air-gapped
in
get
lab,
and
this
actually
has
a
couple
of
sample
scripts
and
I'll
walk
you
through
the
script
that
I
have,
which
is
a
slight
variation
of
these.
The
other
document
that
is
going
to
be
important
to
read
in
conjunction
with
this
is
going
to
be
the
DA
specific
document.
So
if
we
scroll
down
here
to
air-gap.
B
Fine:
okay,
it's
going
to
give
us
the
name
of
the
image
that
we're
going
to
need
to
copy
over.
So
using
this
previous
script.
It
tells
us
where
the
images
are
for
some
of
these
other
analyzers,
and
then
this
document
tells
us
the
specific
image
that
we
need
for
desks
and
I'll
walk
you
through
the
script
that
I
used
to
sideload
this
very
similar
to
the
documentation
which
you
see
if
I
can
pull
these
up
side-by-side.
B
That's
right
and
basically
what
this
does
is
it
takes
the
analyzers,
creates
a
loop
and
creates
a
tarball
file
for
each
one
and
then
saves
it
into
a
folder,
and
then
this
script,
which
is
the
next
one
to
load
into
the
environment,
is
actually
going
to
SSH
loaded
into
docker,
tagged
it
with
a
new
registry
and
then
push
it.
And
so
this
is
exactly
what
we're
doing
here
for
dast,
because
there's
just
one
analyzer,
it's
just
gonna,
it's
not
gonna
do
a
loop.
It's
just
going
to
pull
the
latest
version
of
dast.
B
It
pulls
it
here
on
line
5.
It
then
pipes
this
over
to
SSH
loads
it
into
docker.
Once
it's
on
there,
we
would
SSH
on
to
that
box
tag
that
registry.
Again
it's
going
to
have
the
old
name
registry
docket,
lab
comm
tag
it
with
a
new
air
gap,
server
log
into
the
docker
registry
and
then
push
that
up
and
that's
what
we've
got
so
if
I
come
over
to.
B
The
other
thing
that
I
did
in
preparation
for
this
demo
is
we're.
Gonna
use
another
image
which
is
unrelated
to
really
but
is
just
a
sample
website
that
we're
going
to
scan,
and
that
is
a
simple
vulnerable
app.
It's
actually
the
dvwa,
which
is
a
darn
horrible
web
app
or
damn
vulnerable
web
app
and
I've
just
uploaded
that
registry
image
that
we'll
use
in
our
scripts
later.
So
that's
how
you
would
sideload
any
of
these
images
into
your
air-gapped
environment.
B
This
we're
able
to
run
because
we
have
some
connectivity
to
the
Internet,
but
the
script
like
this
would
be
modified
if
you're
using
something
like
you
know,
physical
media,
that
you
actually
have
to
grab
images
off
the
internet,
put
them
onto
a
hard
drive
and
then
move
them
over
into
your
environment.
So
I'll
stop
there
and
see
if
there's
any
questions
about
how
to
sideload
into
the
environment.
So.
C
B
B
B
All
right
perfect,
so
we
will
now
get
into
actually
setting
up
a
ghast
test.
One
of
the
things
you
will
notice
is
that
I've
got
this
I
Pete
this
domain
name
and
that's
just
a
quick
map
that
I
put
in
my
local
host
file.
So
you
can
take
a
look
at
hosts,
so
I
just
added
this
IP
address
to
the
host
name.
The
reason
this
is
important
is
get
lab,
uses
the
host
name
internally,
and
so
when
gitlab
provides
URLs,
it's
gonna
have
the
host
name
and
so
very
was
accessing
this
website
via
IP
address.
B
It
would
load
up
initially
and
then
once
I
start
clicking
around
it's
going
to
bounce
me
out
to
a
host
name.
So
I
had
to
set
up
this
entry.
My
host
file
to
make
sure
that
I
think
it
locked
out
of
sight.
So
I'm,
just
gonna
come
in
here,
I'm
part
of
a
group
called
tests
and
we're
gonna.
Do
it
as
part
of
this
group
so
that
we
can
see
how
these
results
roll
up
into
the
group
security
dashboard.
B
B
So
what
I'm
going
to
do
for
this
demo
is,
will
create
two
branches
will
create
the
traditional
installation
and
then
we'll
create
a
offline
installation
so
to
do
the
traditional
installation.
Let
me
walk
you
through
this
from
a
documentation
perspective,
so
that
it's
easy
to
follow.
What
I'm
doing
if
we
scroll
down
to
installed
asked,
is
very
simple.
So
it's
just
this
bit
of
code.
It's
an
include
the
template
and
then
the
variable
of
the
website,
so
we're
gonna
come
over
here
to
vials
/
EEE.
B
B
And
I'm
going
to
introduce
a
service-
and
this
is
just
this-
is
really
not
related
to
the
on
to
the
air-gap
environment,
but
I'm,
just
introducing
a
service
which
is
our
darn
vulnerable
web
application
and
giving
it
an
alias-
and
so
with
this
will
allow
gas
to
do-
is
to
scan
this
website.
This
service
is
going
to
start
up
when
the
when
the
job
runs.
So
again,
this
is
really
irrelevant
to
our
demo.
It's
just
a
quick
way
of
getting
a
website
that
we
can
test.
B
The
next
thing
that
I
want
to
do,
for
this
is
just
add
a
quick
job
in
here
again,
it's
not
related
to
gas,
but
it
is
just
to
help
us
prove
that
we're
an
air-gapped
environment-
and
this
is
just
verify-
air-gapped
environment
is
working,
and
this
is
designed
to
pass
if
there's
an
air
gap
environment
and
fail
if
it's
able
to
access
the
Internet,
and
so
this
is
just
a
quick
demo.
Now
one
of
the
things
you'll
notice
is
I
have
not
changed.
B
Anything
about
I
haven't
overridden
any
of
the
primary
values
in
tast
I've,
just
added
a
service,
and
so
I'm
going
to
go
ahead
and
commit
this.
Let
me
create
a
new
branch
called
Seth
yam,
and
this
is
gonna,
be
the
online
setup
and
again
because
this
is
how
you
set
it
up
if
you
were
not
in
their
GAF
environment,
so
I'm
gonna
copy.
All
of
this
so
I've
got
it.
B
B
B
So
this
is
the
template,
that's
that's
behind
the
scenes.
So
what
we're
doing
is
we're
overriding
a
script
here,
and
so,
if
we
look
at
the
side-by-side,
what
we're
doing
is
here
we're
just
exporting
the
website
from
either
the
environment
variable
or
a
file
and
then
we're
running
analyze
T
in
the
website
for
the
air-gap
version.
B
We're
gonna
do
the
exact
same
thing,
so
we're
exporting
the
website
right
here
or
analyze,
T
and
the
website,
and
then
there's
this
little
bit
of
code,
which
is
necessary
to
make
this
run
in
a
air-gapped
environment,
and
this
is
auto
updates.
Auto
update
add-ons
equals
false
and
so
within
it
uses
rules
to
run
tests
against
your
website.
And
what
this
is
doing
is
it's
saying:
hey
use
the
rules
that
are
baked
into
don't
go
out
to
the
internet
and
get
new
rules,
and
so
just
severing
that
connection
and
then
there's
another
variable.
B
It's
a
little
bit
of
a
weird
syntax,
and
this
is
Zee
silence,
and
this
is
passing.
The
silent
grammar
into
the
underlying
scanner
and
silent
in
the
underlying
scanner.
Basically
says
hey.
If
you
have
any
connections
that
you
want
to
go
out
to
the
internet,
forget
about
it
and
don't
do
it,
and
so
it
will
make
sure
that
there's
no
connections
going
out
to
the
internet,
so
these
two
are
gonna,
are
really
what
makes
this
air-gapped
available.
B
C
B
Get
this
running
since
the
the
pipelines
to
take
a
minute
or
two
to
run.
Let
me
just
peek
in
on
those
ok
great,
so
there's
a
right.
So
while
we
have
those
set
up,
what
I
want
to
show?
You
is
the
dashboard,
so
the
security
dashboard
is
going
to
be
blank
for
this
project
and
again,
the
reason
is
the
security
dashboard
is
going
to
get
populated
with
values
based
on
the
master
branch.
B
We,
if
we
look
at
a
repository
there
is
nothing
on
a
master
branch
other
than
a
readme
file,
so
there
are
no
vulnerabilities
in
the
dashboard
at
this
point.
Further
I
want
to
walk
through
the
configuration
screen
and
you'll
see
that
nothing
is
configured
and
again.
This
configuration
screen
is
based
off
the
master
branch
right
now
we
did
these
configurations
on
on
branches,
and
so,
according
to
this
screen,
nothing
has
been
configured
and
in
our
next
step.
What
we'll
do
is
we'll
merge
these
onto
the
master
and
you'll
see
this
strange
change.
B
So,
let's
go
back
to
our
merger,
quick,
merge,
request,
yeah
and
we've
got
our
failure
and
this
other
one
is
still
running.
So,
let's
take
a
look
at
our
pipelines,
so
our
pipeline,
this
is
our
online
set
up
and
again.
This
is
how
you
would
set
it
up.
If
you
had
connections
to
the
Internet,
we
can
take
a
look
at
the
job
here
which
was
verified
the
air-gap,
so
it
did
verify
that
there
is
an
air
gap
and
then
this
job
has
failed
and
if
we
look
at
the
job,
it's
very
easy
to
see.
B
B
B
So
if
we
scroll
up
into
these
results,
a
couple
of
key
things
is
you
can
see
that
it's
pulling
our
local
analyzer.
So
it's
able
to
pull
that
successfully
and
then,
if
you
scroll
down,
it's
able
to
run
the
scan-
and
you
can
see
it
running
through
each
of
the
different
scans
here
when
it's
done
it
uploads
the
asset.
So
that
means,
if
we
come
to
our
PI
and
look
at
our
pipeline
here,
we
should
see
a
security
tab,
and
these
are
the
vulnerabilities
that
it
is
found.
B
If
we
go
to
our
other
pipeline,
the
one
that
failed,
we
won't
have
that
data
base.
We
just
have
a
failed
job,
so
we'll
take
a
look
real,
quick
at
what
these
vulnerabilities
are
and
show
you
how
this
works.
So
these
are
just
an
X
frame
options
header.
It
found
this
problem
on
a
number
of
pages
and
outputted
all
the
pages
where
that
occurred,
and
then
it
gave
us
some
other
vulnerabilities.
So
we
can
tab
through
these.
Do
all
that
or
click
into
them
and
look
at
any
of
the
details.
B
D
Yeah
I
hate
any
question:
I
was
curious,
so
I
think
for
the
purpose
of
the
demo.
We're
doing
it
this
way,
but
I
want
to
confirm
so
the
obviously
the
vulnerability
of
saathi,
the
site
that
website
we're
trying
to
scan
and
that's
why
you
needed
to
the
variables.
If,
if
we
were
scanning
our
own
son,
then
then
you
wouldn't
you
wouldn't
need
those
pieces
of
the
the
yanil.
Is
that
correct
or
do
you
always
need
the
Eskew?
You
know
I
mean
I.
B
G
G
B
D
D
H
G
Demo
totally
how
they're
it's
up
to
how
they've
configured
their
environment,
so,
if
they're
deploying
to
a
static
test
dot,
whatever
dot,
whatever
they'd
want
to
put
that
in
there
like,
if
that
was
their
deployment
flow,
that
they
were
not
using
review
apps
but
going
to
a
static
test
or
a
UAT
or
whatever
environment.
They'd,
use
that,
whether
we're
using
a
review
app,
they
would
just
be
using
the
environment
variable
that
that's
just
showed,
so
it
completely
depends
on
their
get
lab.
You.
D
B
C
Sure
III
do
have
a
comment
overall,
since
the
format
of
these
scorecards
are
changing
and
I
don't
know
how
to
how
to
take
this
into
the
grade,
because
I
it
wasn't
designed
to
taking
this.
This
type
ask
is
that
when
we
have
a
single
source
of
truth,
let's
make
sure
that
the
step-by-step
does
follow
through
because
I.
If
now,
we
have
a
single
saw,
the
truth.
We
enable
rich
text
editing,
let's
really
make
sure
that
we
have
it
step-by-step
and
follow
through
each
step.
C
I
think
when
we
start
off
a
lot
of
this
set
up
was
in
the
documentation,
which
is
great,
because
it
means
that
we
are
following
through
what
we're
showing
our
customers,
but
please
make
it
clear
and
then
make
sure
the
steps
are
correct.
That's
my
that's.
My
overall
recommendation:
unaccepted
yeah,
yes,
good
progress.
D
B
B
D
B
D
B
So
there's
a
number
of
different
projects
that
we
use
web
good
is
one.
This
is
new
one
that
I
was
playing
around
with
and
there's
a
couple,
others
that
our
opponent
building
research
team
uses
that
are
more
standard
for
benchmarking.
These
tools,
what
I
was
trying
to
do
is,
and
the
reason
I
chose
this
one
is
it's
extremely
lightweight:
there's
actually
a
really
basic
PHP
website,
and
so
it
spins
up
really
quickly.
We
can
get
the
vulnerabilities
without
sitting
there.
Web
code
is
a
lot
more
expensive
and
takes
a
little
bit
longer
to
run
yeah.
B
Alright
looks
like
our
pipeline
is
done,
so
we've
got
here's
our
security
dashboard.
We
can
see
the
mediums
and
the
lows
we
saw
this
in
a
previous
demo,
but
this
has
links
out
to
third-party
websites
that
give
more
of
the
information
on
these
vulnerabilities.
It's
going
to
work
on
my
machine,
because
my
machine
is
obviously
connected
to
the
Internet.
B
If
a
user
is
connecting
to
this,
if
if
he
or
she
doesn't
have
access
to
these
links
are,
are
naturally
going
to
be
broken,
but
you
can
get
all
the
it
doesn't
link
over
to
the
URL
of
the
desk
that
das
was
scanning.
So
if
that's
a
local
website,
that's
gonna
work
and
then
it
links
over
to
everything
else
that
that
should
work
internally.
B
You
can
create
an
issue
dismissive
owner
ability
to
do
all
that
kind
of
stuff
standard
standard
and
then
we'll
go
out
to
our
group
level
here
and
we'll
take
a
look
at
security
and
what
we
should
see
is
those
vulnerabilities
coming
in.
So
if
we
filter
just
on
the
April
1st
demo
project,
you
can
see
all
those
vulnerabilities
now
going
through
it
to
the
dashboard.
You
can
also
filter
just
on
past.
B
D
B
It's
using
a
tool
called
SAP,
which
is
that
Zed
attack
proxy
and
it
has
a
number
of
add-ons
and
each
of
those
add-ons
comes
with
their
own
set
of
rules
as
well
as
their
vulnerability
metadata,
and
so
this
one
is
coming
from
scanner,
most
likely
called
reverse
tab
map,
tab,
nabbing,
and
that
has
all
this
metadata
in
built
into
the
scanner
so
that,
when
it
finds
this
vulnerability
actually
creates
all
this
information
and
then
that's
all
in
in
the
the
artifact.
This
security
report
I
think,
okay,.
G
And
I'm
just
gonna
answer
this
one,
because
it's
been
asked
on
the
other
demos
is:
will
anyone
be
able
to
click
those
links
and
it
really
depends
on
their
computer?
So
in
our
specific
case,
because
we're
viewing
it
from
the
bastion?
Yes,
but
it
would
depend
on
the
computer
of
the
developer
who's,
viewing
that
vulnerability,
interaction,
whether
it
would
resolve
or
not
as
I
know,
people
ask
that
we're
trying
to
make
that
clear
in
the
documentation.
I've
got
some
MREs
around
for
that.
D
B
G
This
is
in
our
user
documentation.
I've
got
em
ours,
stating,
depending
on
the
way
that
you
have
configured
your
offline
environment,
will
depend
whether
Auto
remediation
or
links
displayed
with
it,
and
the
vulnerability
interactions
will
resolve
which,
if
they're
working
in
an
air-gapped
environment
that
should
be
pretty,
they
should
understand
that
and
I
mean
I
can
wordsmith
it
more
if
we
need
to,
but
basically
it's
100%
dependent
on
how
they
set
up
their
environment.
D
Yeah
I'm
fine
with
that
I
agree
that
and
to
cover
both
points
to
reviewing
the
the
docs
Ford
asked
the
very
straightforward
it
makes
sense.
I
could
do
and
I
think
they'd
explain
like
what
the
different
options
mean,
which
is
nice,
so
I'm
good
with
the
docs
as
they
are,
and
we
can
ask
Nicole.
We
can
actually
one
of
our
representative
from
one
of
my
customers
is
planning
to
be
on
the
next
Emma.
So
we
can
ask
that
question
and
get
an
answer
straight
from
them.
B
Now
one
of
the
things
about
the
get
lab
documentation
as
I
understand
it
is
it's
hosted
on
get
lab
today
and
you
can
also
get
it
I
think
slash
help
or
slash
Doc's,
but
my
understanding
is
that
that's
actually
going
away
where
the
plan
is
to
get
rid
of
that.
So
one
of
the
concerns
is,
if
you
have
to
go
to
doc,
state
lab
com.
D
H
D
H
D
Because
I
know
the
the
Quick
Links
like,
for
example,
the
links
that
are
helpful
like
on
markdown
and
quick
actions,
and
things
like
that.
I
know,
people
use
all
the
time
in
here.
Got
networks
it'd
be
nice
to
have
those
they're
okay
with
the
simplified
one,
not
the
full-fledged
one,
but
the
setting
that
simplified
is
helpful
in
some
cases.
Now
this
this
configuration
here
for
DAST
probably
would
be
okay
to
be
in
just
from
the
dark
side,
but.
C
C
G
C
G
G
F
We
consider
this
seriously
before
we
would
deprecated
capability
right
like
this
is.
This
is
a
good
example
of
deprecation
of
the
capability,
where
it's
germane
and
and
I
would
not
view
it
as
an
issue
that
this
release
until
we
have
a
timetable
which
it
feels
like.
That's
just
that's
just
how
we
do
it
like
I'm
all
for
collaboration,
but
on
this
one
it
just
seems
like.
We
just
need
to
be
very
explicit
about
not
doing
not
not
changing.
Customer
experience
in.
D
I'll
be
honest:
could
you,
from
my
perspective,
I'm
finally
keeping
these
fives
for
the
for
the
reason
that
most
they're,
those
quick
links
where
they
need
to
quickly
look
something
up
and
not
switch
networks
is
very
useful,
but
most
people
working
on
air
gap
have
the
ability
to
view
the
other
network
on
another
monitor
right
next
to
them,
and
so
the
ability
to
you
know
to
get
to
the
full
docks
they
know
they
have
to
go
to
full
docks.
You
know
for
some
stuff
all
the
time
so
I,
don't
I,
say
I,
think
I.
A
H
Great,
we
could
add
if
this
is
something
we
want
to
show
during
the
next
demo,
we
could
have
a
stab
that
goes
from
the
configuration
page
where
we
showed
this
feature
is
not
configured.
There's
a
tooltip
there
that
point
to
the
local
documentation
cause
a
specific
feature,
so
this
could
show
directly
the
documentation
that
is
embedded
with
the
get
live
instance.
The
problem
is
until
we
put
that
documentation,
2010
and
2010
released.
We
won't
see
it
into
the
air-gap
instance.
D
Yeah,
when
I
was
referring
to
the
quick
like
tooltip
type
stuff,
that
was
for
like
kind
of
the
everyday
stuff
like
markdown
and
and
quick
actions,
is
a
great
example
for
this
kind
of
thing.
You
do
it
once
I
think
it's
perfectly
fine
to
not
have
that
as
a
tool
to
quick
action.
I
mean
a
co-op
tool
to
thing
and
I.
Think
going
to
the
official
websites
version
is,
is
okay
but
I,
and
that's
just
my
opinion.
G
Like
I
said,
I
linked,
it,
I've
got
two
one,
one,
six,
one
nine
for
us
to
discuss
it
internally
around
what
is
our
needs
for
our
customers
and
it's
in
the
post,
I'm
producing
epic
and
then
go
to
that
with
said,
the
technical
writing
team.
So
if,
if
everyone
could
read
the
notes
later
and
remember,
to
put
in
like
your
use
case
and
like
your
user
things
and
stuff,
so
when
we
go
the
technical
writing
team,
it's
not
just
us,
whining
I'd
love
to
have
you
know
specific
comments.
If
anyone
can.
A
D
The
only
thing
we
didn't
do
was
I
think
in
the
previous
demos.
Just
for
completeness
a
we
tweaked
I
think
they
would
create
one
issue
and
dismiss
one
but
I've
seen
the
mobile
time.
Some
confident
it
wouldn't
be
a
problem,
but
that's
the
I
can
do
that.
So
I
saw
that
was
missing
when
we
did
this
demo
step
four.
B
B
Is
that
does
that
cover
the
excuses.
E
B
C
Everyone
I
know
I
may
be
asking
questions,
but
it's
a
please
assume:
I
have
positive
intent
and
making
sure
we
cross
how
to
cross
all
the
checkboxes,
and
this
is
a
great
score
to
get
Congrats.