From YouTube: Dependency Scanning for Offline Environment
A
B
So please avoid playing with that script. Why I'm running thread and we'll go back to that score card after each step is completed to score it? Is that clear for everyone? Good? Ok, let's go. So the first thing we want is to set up and prove the air gap environment. We assume that I mean this again when Raymond has already been set up, because this is something that it's time consuming. So we have this and you go a good platform console that show the multiple VM that we have set up.
B
We have this one, which is the GitLab air gap test, which is where we have installed the GitLab self-managed instance, and we also are diverging the gift library get past earnest, which is something the leveraging and to inject some data into the air gap test instance, and we also have those two brand new laws which are NPM and PI P registries and I will come back to that later. I.
B
Will log in into the bastion host, sorry, the air gap test instance, just for the sake of demonstrating that it cannot reach out to the outside. We have egress rules in the firewall that lock everything which is outgoing, with few exceptions that are brand new. Those are allowing egress calls to the internal network, to allow the air gap instance to reach over to the two other VMs, where we have installed the package registries. This is brand-new and this is necessary for the dependency scanning and I will come back middle of that.
B
B
B
B
This is a sample JavaScript project with some dependencies, just one to be honest, which is low version that contains something really it is, and for the sake of this demonstration, the dependency has been built in within the project itself, so we are vendoring the dependency, which is available directly here so that it doesn't make an external call. This is again for simplicity and for the demonstration. I will come back later to the challenges we're facing. Codependence is getting to have a more realistic approach of testing place.
B
So the way we are setting this up is the original documentation, the start of a commutation for content for dependency scanning. So I can just open the IDE here and create a new file which will be a .gitlab-ci.yml file and just include those two lines: I.
B
Again, what I can show about this test project is that currently there is nothing configured about security and compliance features. As you can see here, the security dashboard is also empty. The dependency list is empty, so there is no vulnerability data available yet. So, as mentioned, this job is critically failing because it tries to reach out to the official Docker registry to download some images that are necessary for the setup, and this will effectively fail after a few tries.
B
I will also add this again job, which is kind of a little testing job that we use to show, just me to show, that we cannot reach out the internet from the CI jobs. So I will just add that again here. So what this job is doing is trying to wk and reduce utopia club.com, and if it fails, it will exit successfully. But if it's excelled, it will exit with a failure. So we want this job to succeed by failing to reach out to reduce evil, calm.
C
B
D
C
B
Let's now move to the second step, which is about showing how we set up and configure this within the air gap environment. So we have some documentation available about how to set up things in air gap environments. This is really brand new. We are making a lot of changes constantly to this documentation.
B
We have some specific documentation for the security features that we are providing and we have some specific directions for some of those features to explain how to set up to this update in an offline environment. We don't yet have this one for dependency scanning, because assistive work in progress, so instead of that, I will show you what we are currently working on. Is this issue and type try to work through this?
B
So basically, what we need to do in air gap environment is making sure that we are providing these scanners, which are published as Docker images, and in the case of dependency scanning, we also need additional content like the vulnerability database, because the way the scanners are working is that we have an engine which is shipped within these analyzer Docker images, but we also have an external vulnerability database that contains known vulnerabilities for packages, and then Gemnasium is matching these known vulnerabilities with the dependencies that you are really using within your projects.
B
B
B
So here we have the Gemnasium images, avail Bokke tag, number two. We have the same one for the Retire.js analyzer here, topic number two, and we also need the database as mentioned earlier. So here is the repository where I put the two JSON files that are necessary for Retire.js, which are available over HTTP by using the raw access to the file, and finally, the Gemnasium advisory database, which is available as a simple git repository.
B
So now that we have put all this information within the air gap instance, we can configure the job to run within an air gap environment. So this is a small script that I'm just copy-pasting and I will explain. Let me go back here. I will merge this merge request. Well, I should not, not a big deal. It will work so with just restarting you brown from there.
B
So just for the sake of explaining this, this is exactly the same thing, including the dependency scanning job and then writing some variables to make it working within your air gap environment and keeping this air gap check job. So what we want to do here is to make sure we are disabling the Docker-in-Docker mode, which is something we're trying to get rid of, which is leveraging an orchestration layer so that yeah, just one dependencies can enjoy.
B
That's been a sub containers for each of the languages that are compatible with your project, but this creates some several drawbacks and we want to get rid of that, and this will probably be difficult. This will probably be removed after 13.0, so for air gap support we really need to disable this and use separate jobs for each analyzer. Then we need to specify and tell the neither where to find those new Docker images, which is achieved by specifying this environment variable.
B
Here we are using CI registry, which is a peripheral by remote from the runner that just replaced with this US name. So both works, sake of demonstration. Here then, we have the Retire.js jeezum DV that are set here and the Gemnasium DB remote URL, and so just showing that it is retiring out to the garage isn't file as I was showing earlier, and now the Gemnasium database, which is pointing to this git repository with the instance.
B
We also need to disable the SSL check for git, because when we're trying to download this door, it is generation database as a git repository, this will fail due to a self-signed certificate. This is something I'm working on currently, but in the meantime we need some workarounds to disable those checks.
B
So we now have multiple jobs because instead of having this one dependency scanning job, we have disabled Docker-in-Docker mode, so we now have two jobs, one for each analyzer. Let's do the check out job here. So, as you can see, the Gemnasium analyzer is now downloading the image directly from this local air gap instance registry.
B
Am I on the Gemnasium one? Yep. Here, it's downloading the Gemnasium DB from this local instance to running the analyzer. Yes, and this works successfully. Now what we can see is for Retire.js this is not the same thing. It's actually trying to get those two JSON files, but it's failing and there is not much logging there, but the expectation is that there is some SSL check that is failing here. So we'll come back to this later, but this is not working for it's just Pacific phenomena.
B
So now that this pipeline has run, we should see the results in the merge request. So you can see we detected three vulnerabilities for the source branch. It's the source branch only because there is no comparison point, because there are no available reports from the different branch. So we can see it found three vulnerabilities on that dependencies that we added. There are some links available here pointing to some external database and the clinician. This is working again because I'm from my machine and I have access to the Internet.
A
C
F
B
B
B
G
F
D
Most of it was here and there's, like, obviously we're gonna, but there's the issue to complete the documentation. I think, you know, I'd like to see the final documentation and verify that, you know, it makes sense like the other ones I have, and then, sorry, I'm just looking through the word doc to see if there's any other points that need a little bit of work.
D
A
D
D
F
C
B
D
B
B
F
H
F
That step, to your point, like as soon as one fails I think we have to like give it like a one, because I think that's the lowest score for anything, so like when Retire.js fails or whatever we can't show the results of the pipeline. We can't show that particular language, and so those both would be dinged because show results of pipeline is for everybody, right.
D
And also in this special case, this is different than some of the other ones. I think then, since it looks like there might be different steps for each analyzer for setup, that from a scoring perspective it might make sense to, you know, if it's only one of the scanners isn't well documented, it doesn't make sense, then I don't see why you would fault step two. I think I would fault the step that it's in, but that might require, I don't know, I think no.
A
That's alright. What we can do, I understand what you're saying, but what we can do is there's a comments right next to it, so we can capture it on this specific type and the comment and say why, you know, like step eight is a two because of missing documentation, or what have you. So does that sound reasonable? Sure.
D
And then can I ask one question as well, which was the, so the JSON files that you're pointing to, which we're referring to because the databases like like order, but basically those are things that contain what the current listing of all of the different dependency vulnerabilities, and that was that what isn't the case on reside in the image. This.
B
The JSON files are currently external and the way we can solve this for air gap environment is to bundle them within the instance buttons. It will come with a new disks and at that frequency that is tied to our own maintenance policy, or we can find a way to make this working. I'm pretty sure this is coming with certificates issues, so we may manage to disable that checks or provide a way to provide custom certificates.
B
B
D
B
B
B
The web IDE, oh no, sorry, I cannot do that with the reading the web IDE, because I need to run the tool itself. So I will go back to my local machine where I have this repository available here and what I will do is adding this new dependencies to the package.json file and run the npm install command.
B
For the purpose of demonstrating how our security scanner is reacting to changes put into the repository, this is dependency scanning, so changing a line of code, the source code, won't do anything, but the way this will be triggered is by adding new dependencies or removing existing dependencies, which will trigger a tear on the merge request, at least a tree or a defund, the result of the scanner. So this has now run and I'm looking back to a lock file which is a manifest of what is really installed for that project.
B
B
C
B
Good demonstration of pushing to master is dead and by default rejected because it's a protected branch, so I can not create a merge request by the way. With this end, the link provided here when you create a new branch. It allows you to have it to recruit the criteria requests. So this merge request is adding up tons of changes thanks to vendoring the nun packages that I've been added again. This is just for the sake of the demo.
B
B
B
B
C
B
Actually I'm so I really no idea why this is not triggering a pipeline, first, very first time I'm controlling this. Thank you, the demo. Okay, so we now have this pipeline. This.
B
B
This is a known bug. It's say that the idea arose when letting the results, it's because we are somewhere available and that the pipeline has not been completed, and we need the pipeline to complete to be sure that all the jobs generating a report have been successfully finished, though we haven't bring issues to improve that by the way, but.
B
I'm pretty sure this is gonna get choked yet like a check was still ready, Donna, okay, so reloading the pipeline should not be completed and the surges canyon data. I should show up here so, as you can see, it showed that we had that too, and you over the lab. It is with this merge request which are on this to add dependencies. So.
B
Chicken I get one was a latest one. We also have only two runners running on this projects. It depends on the load of the runner, that's driving your pooled. It depends on which hand on either a training, because each of them may have different implementation, and so it may take longer than others. It depends on the language because, for example, here the analyzers are pretty simple. They are just scanning the manifest file, the package.json, and get all the information they need from there.
B
B
G
I think this is where we, Nicole and I shadow. We want to test like an all-in-one at the end with the bigger 2k environment and I think we can be more lenient here, but let's keep an eye out for performance when the everything comes together. If it's taking long for some jobs to come up, it might be some other improvements. We need to help this group out, maybe some other cooking and clicks lights on fixes in terms of performance. That's.
B
My, yeah, the premiere is not exactly the performance of these jobs, but the fact that we have to wait the whole pipeline to complete before showing the results. So we need to adapt this way. We are fishing result to be more granular, brazen, maybe the repo type, so that, if you are all the job that are supposed to create dependencies can reserves are completed, we can show the dependencies getting results.
D
That as part of UMD, but it would be nice to have. I see the point. So just to be clear, you think the issue that you're into was just some kind of mismatch between your local and the server in terms of that one branch. So that's watching you to rebase to get the pipeline to trigger, is that we think happened. It was kind of independent of the thing this.
B
Is a first time I could do that. Obviously we always play with the GitLab, but common sense. We are set up just get concerns with the knowledge we have about setting up a GitLab, but we all know all decent means. So we may have missed some things, but this is a very odd behavior. To be honest, even with having discrepancies between the master branch and the feature branch, this should not happen. Might be worth checking in the logs what happened there, but I'm not expecting this to be something reoccurring.
D
I would I would I would agree based on my experience with, yeah, I was I was looking at it to you, enjoying with fighting the pipeline run, so yeah. That seems to have just been a quirk. Since we are getting revisiting some other things with this one, we just make a note to like pay attention to that to see that's an additional issue, but I I think that the spirit of it definitely was my I.
H
Have a quick question on the merge request page that you were just on. Is it, does it normally show "unknown:" before the vulnerability, or is that something due to the air gap? This.
B
Is the severity. The only analyzer that is currently running, which is Gemnasium, doesn't yet provide the severity information to the reported vulnerability. This is already available in the database. We just have one missing issue: to get the information from the database and put into the report to show it introduced. So this may appear region, okay.
F
B
Alright, so step four from the results. So if you go to the pipeline view, you can have the full report of what has been found within this specific branch of the specific commit and the specific pipeline, because if you have multiple pipeline running on the same commit you could have different results depending on the freshness of the database, if, between the two pipelines, some that I've been added there, but this is unlikely to happen in that environment, in that demo, by the way. But this is something that we should be aware because can happen.
B
So you have the security tabs here, showing all the vulnerabilities that have been found within that report, that you can also filter here. We just have dependency scanning data, but if you are multiple one you can also filter by severities. You get tons of information here again. Some external links may not work depending on the setup of your environments. The u.s. also some internal links like the project that has been impacted by this, which here is obvious, but in the context of a broader view this might be useful.
B
B
We don't have auto-remediation available here, so you can only create an issue that you can treat that process that within your usual guilty, this is putting all the metadata. We are into this issue you can assign to it and your priority et cetera. We also should be able to provide a way to automatically create a merge request, but this is not yet available for this kind of package manager. We only support this for a yarn package manager and also for container scanning, which is another feature.
B
E
B
You can see what has been dismissed. Now if I go back to the merge request, as I was mentioning earlier, we are just showing here the differences between those changes you've put in this merge request and the default branch, which is your the target branch, recipient the master branch, at the time you created that feature branch. This is very important to know. If your branch is one thousand commits behind the master branch, this will not be an up-to-date report, because your compare what wasn't master 1,000 commits earlier.
B
This is the same thing at comparing without caught. So usually the best practice is, if this is a case, and GitLab is mentioning that, by the way, that your are on talent coming behind, for example, you should rebase to make sure you have an up-to-date version to compare here. And again here, you have access to this modal, metadata, and you can do the same actions like creating issue or dismissing it, and here's. This is an old design.
B
By the way, we have an upcoming issue to make this more beautiful, like we have in the pipeline view. I can, yeah, I just explained why remediation cannot work here. For another project where remediation would be available, this might still not work within the air gap environment. This really depends on how the remediation is being implemented. In the case of dependency scanning, this could be just upgrading the dependency, for example, I could to remediation generating a patch that say hey. This is fixed I'm sure. That's.
B
So we know we have an issue with lodash. It says this is fixed in 4.17.11. So what the patch would do is just doing this, running the PM still having the package like updated and creating a merge request with those changes, so this fix would work within the air gap instance, we are able to fetch this information from the local registry, where you're altering all the packages. So again the remediation might not work everything.
B
We are in the process if the rhythm of documenting clearly that the remediation is that something that work well within air gap or offline environments. I should adapt my phrasing, I'm used to say air gap in all the demo. I'm sorry about this, so this offline environment. Anything else? Oh yeah, sorry, showed that board.
B
The dashboard is a view of the latest, is a snapshot, your latest status of your project, so the latest pipeline that run on the default branch. So we can see the two vulnerabilities plus the one dismissed that we had on the master branch. I will go ahead and merge this branch that is adding two new vulnerabilities. This is something we should avoid in general, but this will show you the update that it would cause on the security dashboard.
B
We also have a dependency list available now, so we have there slow component where the three vulnerabilities that we are found, and it's also listed here. We have this two tabs because you might have a chance of in our ability to be other companies being reported there and you might just want to focus on the vulnerable ones. So again the vulnerabilities are shown here again.
D
Just to be clear, while we're waiting on a moment for that, when we add in additional analyzers or languages, we will most likely see other types of the than unknown. As you mentioned earlier, just the one that's working happens to just report unknown, but other ones do report other types. So if we include those in a future one we'll be able to see different severities. Is that an accurate summary? Yeah.
B
The metadata available for every reported vulnerability really depends on each other because it depend on the underlying scanner, what they can reprocess. It's not something that we are adding. This is the case for Gemnasium, because Gemnasium is an in-house analyzer and we have dedicated team feeding the database, and so this is what we will soon at this. But if we are using an open-source tool that doesn't provide that information, there is no way we can't do it.
B
So we now can reload the dashboard, sorry, and we should see the new ones being added for the other packages. So you now have those three additional ones here and the different installation also be updated. So, as you can see, we now have tons of new dependencies because JavaScript l, when you I, went at NC, you come. It comes with a lot of sub dependencies and this is where having a dedicated tab for vulnerable components is relevant, and you also wanted to show me to show you the group dashboard.
B
B
D
So, for that one, I mean, my only comment would be, you know, in the future it'd be nice to see the other severity is, but everything work appropriately. We know that, as we add those other ones, we'll be able to see, you know, other scenarios, but so I think technically I have to say this is probably a five, and since we'll see those with the other ones is okay.
D
A
B
B
Just for the sake of simplicity, this doesn't read you all the steps that we've went through this demo, because a lot of the stuff is generic and as far as we have the pipeline running, the job running and producing the report, all the rest of the behavior is: why represent generic and what we've graded with the demo I've just made, should be exactly the same. So what to me is relevant to test here for each other languages is to make sure we can't configure them and make sure that the job is chriskiss really raining getting.
B
A
B
Think what we need at least, to make sure that, even if it's lime or flying, we can go through all the steps of all those languages. If you want to make sure that we are providing them and they are working, whether it's relevant to do that in license, I don't think it is, but I'm fine doing it. It said that it's a bit boring.
D
D
C
B
D
I know that, I think, if you want, I'm happy to discuss that offline, but I think there's gonna be like a common shared portion and then there might be like a section that's like, if you're doing this, you know, yep, you, these extra steps, or this becomes that, but I can help with that if you want.
G
B
F
B
It's definitely one for Maven, because I tested it and it's failing. We know it's failing right now. For NPM, it could be a two because we have this working with Gemnasium, and for yarn is the same, could be working with Gemnasium, but not with Retire.js, about the same reason of their vendor or jobs. I.
D
D
Yeah, I get it. Oh yeah, and I don't think it matters, yeah, to.
E
G
D
My only language all that good stuff, my only concern with that was that, since we are sending these two to two different customers to like review and watch, if they're only watching the one, cuz like the person really cares about dependency but doesn't care about the other ones, they might be lost or confused. That was my only thought that I think I drove up to on the last one, I mean.
F
D
E
D
Yeah, the only thing I would say is, like for one of these, if we have another VM that gets added to the offline network, that needs to be used for one of these, like the host Maven, if we're doing that outside to GitLab, if we were, because that's something different, maybe that'd be worth mentioning at the beginning of that demo, if it was the case that was needed. That's all. If that make sense.
G
Great, before we, just an, it's an update and I help the call-out by updating the formula. So let me just screen share real quick. Can everybody see the scorecard again? Yes, thank you, sir. So it's fixed now, so this should be live and I think the team knows the pattern already. So this is where we're at at a dependency scanning and maybe wanna expand. The rest is the same pattern, but I think we should get into a conjunction of one before it ends.