►
From YouTube: Container Scanning Air Gap Demo
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
B
So,
as
a
first
step,
we
will
try
to
prove
that
this
I
get
instance,
is
disconnected
from
the
internet
by
running
those
few
commands.
So
this
is
calling
that
cat
with
very
verbose
mode.
We
have
a
5
second
time,
I,
would
and
trying
to
reach
out
to
reaches
feed,
get
calm
on
part
4,
4
3
I
can
try
the
same
on
480,
22
and
5000
just
to
make
sure
those
ports
are
all
unreachable
from
that.
B
And
at
the
comparison,
I
can
learn
them
from
we
get
asked
where
you
can
see
that
it
can
successfully
alkanes
as
connections
to
the
corresponding
hosts.
So
from
there
we
should
agree
that
we
are
proving
this
is
a
gap
except
from
the
last
step,
which
needs
to
be
shown
during
pipeline
execution.
So,
let's
keep
it
aside
from
now
and
we
get
back
to
it
later.
B
Sorry
now,
let's
try
first
to
test
the
the
usual
setup
of
containers
can
again
see
how
it's
filling
within
the
air
gap
environment.
So
this
is
a
simple
project
that
just
added
docker
file,
which
is
basically
doing
nothing
except
building
from
an
existing
image,
just
for
the
sake
of
the
demo
and
I
get
labs,
GIM
old
that
just
build
this
image
in
the
pipeline.
So
this
is
the
Virgin
doctor
and
doctor,
so
we
can
run
docker,
build
commands
and
push
it
to
the
registry
of
this
get
lab
instance.
B
As
you
can
see,
the
security
dashboard
is
empty
and
the
configuration
page
so
that
nothing
has
been
configured
for
this
projects.
So
let's
have
a
look
at
the
documentation.
Now
this
is
the
user
documentation
for
container
scanning.
The
configuration
is
just
as
simple
as
copying
those
two
lines
into
the
github
CI
mo
files.
So
we'll
do
that
by
leveraging
the
web
IDE.
B
B
Now
this
one
sorry,
this
one
will
actually
succeed,
because
this
is
this
is
the
bridging
an
existing
image
that
I
really
put
there.
Yes,
this
is
already
using
the
right
image,
so
the
build
step
we
work,
but
the
container
scanning
step
will
fail
because,
as
you
can
see,
this
is
trying,
by
default,
reach
out
to
the
public
registry
from
github.com
to
download
this
image
and
also
to
start
the
clear
DB
database,
which
is
also
not
available
from
here.
B
Okay,
so
this
is
failing.
I
was
expecting
this
repair
just
as
expected.
This
will
be
retried
magical
time
until
this
finally
fail
something
we
can
also
add
here
to
to
verify
that
we
cannot
reach
out
to
the
outside
during
the
execution.
Is
this
little
Alpert
job,
which
is
leveraging
the
out,
pin
latest
docker
image
and
just
executing
a
double
you
get
query
to
register
get
club.com
if
the
command
is
failing,
this
will
successfully
exit.
So
if
we
can
reach
out
the
job
success,
if
we
can
reach
out,
the
job
will
fail.
C
D
B
D
B
C
C
D
B
B
B
We
have
some
explanation
here
about
how
you
could
inject
some
of
the
requirements
required
dependencies
into
the
Agatha's
chance
by
leveraging
the
scripts
and
the
other
is
also
some
dedicated
documentation
for
the
security
features,
and
we
also
already
have
some
documentation
available
for
a
decade
of
containers
getting
itself
so
has
tested
here.
We
need
multiple
things
in
order
to
make
this
work
into
it,
I
get
environment.
The
first
thing
is
to
make
the
Claire
analyzer,
which
is
young,
join
we're
using
available
within
that
instance.
B
This
is
distributed
as
a
docker
image,
and
we
also
need
to
make
the
our
main
cloud
database
vulnerability
database
available,
which
is
also
published
at
the
docker
image.
So
we
have
database
containing
the
number
new
abilities
and
we
have
an
enzyme
that
try
to
make
this
ignorant
abilities
with
the
dependencies
that
you're
using
in
your
docker
image,
and
then
we
have
to
override
our
job
definition.
We
have
what
is
suggested
here,
so
the
two
first
line
are
the
same.
One,
but
then
we
have
this
overriding
here
that
I
will
explain
further.
B
So
just
let
me
reopen
the
Uni
EE
and
add
those
so
I.
Just
have
that
here
so
I'm
are
writing
the
containers
connect
job
to
specify
that
the
Clara
analyzer
is
on
this
specific
URL.
That
I
was
at
that
shortly
and
the
clarity
be
made
available
also
on
this
new
URL,
so
I
need
to
make
those
available
within
the
Key
Club
instance.
B
As
for
all
the
other
demons,
let
me
show
you
quickly
what
we
are
doing
this
here:
I'm
looking
to
the
bastion
host
yeah
SSH
from
there
I
can
pull
the
docker
images
from
the
geekland
cam
registry.
Details
is
reachable
from
there
saving
them
into
local
files
and
then
uploading
them
to
the
air-gap
instance
via
SSH
from
there.
We
can
load
them
into
the
registry
to
make
them
available,
see
I
chose
so
for
the
sake
of
time.
B
I've
already
done
that,
and
those
images
and
Clara
image
is
already
available
so
showing
you
quickly
the
script
that
was
used
here
just
taking
so
few
images
I
need
putting
them
locally,
saving
just
being
and
sending
them
over
to
SSH.
This
is
the
IP
address
of
yoga
testing
stuff,
because
this
is
the
script
that
I
used.
They
are
not
available
there
and
to
show
it
to
you.
I
will
just
look
at
the
container
registry
pages
from
this
project,
we're
asking
them
so
the
Claire
analyzer,
with
the
tooth.
B
The
tags
is
available
here
and
a
bunch
of
other
images
that
I
need
I've
been
uploaded
to
this
namespace.
So
we
have
the
claire
database.
Here
we
have
the
darker
stable,
stable
document
appear
here,
and
the
web
got
image
that
is
being
used
in
the
toka
file
as
the
base
image
that
can
I
show
you
back
here.
So
when
we
try
to
build
this
image,
we
are
just
getting
that
one
here
and
creating
a
new
one
from
there.
So
I
just
need
to
take
those
values
and
put
that
into
my
key
clabsi
IML
file.
B
B
We
are
looking
at
ways
to
improve
that,
so
you
could
overwrite
things
just
with
environment
viable
without
having
to
specifically
override
this
job,
which
is
great
because
it
take
up
all
the
settings
from
the
job
names
and
make
it
make
us
more
available
to
chain
that
later
and
also
you
can
set
up
an
environment
variable
a
different
level
within
guitar
project
and
group
love,
etc.
So
you
will
not
be
for
not
businesses
ready
to
override
that
in
every
project.
Yes,
idea.
B
Because
I
skipped
one
step
on
purpose,
which
is
a
third
one
which
have
that
if
you
are
running
yogi,
claps
efforts
an
instance,
we
have
a
self
since
self
signed
certificate.
Then
we
will
have
some
issues
when
some
tools
needs
to
communicate
over
SSL
to
users
encrypted
endpoints,
because
I,
don't
trust
that
certificates
we
are
currently
working
on
providing
exist
as
a
configuration
to
all
hours.
Three
limiters,
there
are
sometimes
some
workarounds.
B
So
here
what
is
the
currently
documented
is
a
workaround
to
set
the
doctrine,
see
true
value
to
true,
but
this
might
not
be
something
that
we
want
to
consider
as
a
final
solution,
so
I'm
just
trying
to
speed
things
up
a
bit
and
while
she's
running
I
will
update
the
doctor,
the
collapsium
will
fight
you
at
this
one
and
small
good
char.
Here
we
need
to
use,
quotes
or
double
quotes
here.
So
we
need
to
update
the
documentation.
B
B
So
why
is
he
running
again?
I'll
get
ahead
a
bit
and
show
you
how
we
can
set
this
out
in
a
more
correct
way,
so
I'm
removing
on
proposes
viable
here
and
I
will
come
in
that
shortly
after
and
what
I
will
use
instead
is
an
environment
viable
that
we
contain
this
certificate
here?
So
I
can
go
to
the
project
settings
here.
It
is
so
in
the
project
settings
I
can
configure
environment
variables
here
up
story.
This
is
my
own
one,
so
this
is
already
configured
there.
B
This
is
a
bright
project
we're
looking
at
so
there
is
nobody
a
little
configured
there.
So
looking
at
the
documentation,
we
can
configure
an
additional
just
a
trundle
with
this
variable.
So
let's
go
back
here,
add
it
there
and
taking
the
value
extracted
by
mo
by
the
way.
Thank
you
for
that
and
I
get
here.
So
I've
just
got
you
passing
the
value
here.
B
I
will
wait
before
saving
so
that
we
can
see
complaining
the
previous
example
so
just
to
remind
you,
this
is
third
pipeline
running
with
the
docker
and
secure
setting,
as
you
can
see
here
as
its
bypassing
the
check.
It
can
successfully
connect
and
it
does
the
analysis
which
is
passing
reporting.
All
those
variable
is
so
if
I
go
back
to
the
merge
request,
I
should
not
be
able
to
see
those
being
reported
here,
so
we
not
220
videos
that
are
shown
here
and
again.
We
have
the
ready
model
from
there.
B
B
D
A
C
Yes,
so
I
think
all
that
was
good,
I
think
the
only
action
item
out
of
there
was
that
we
we
were
gonna,
put
the
quotes
in
the
docks
around
the
true
which,
which
you
know
I,
can
even
do
as
a
merger
profess
myself.
If
you
want
no
big
deal
but
I
think
that
was
the
only
thing
that
wasn't
perfect.
On
that
four
point:
nine.
B
C
B
Okay,
so
this
is
still
failing,
so
I
won't
spend
much
time
with
this,
but
it
was
working
on
my
test.
So
probably
I
just
did
something
wrong
in
to
copy
testing,
but
this
is
that
part
of
the
muca
we'll
just
keep
it
in
make
sure
to
retest
that
correctly,
and
we
probably
would
put
that
as
a
score
cat
to
grade
later,
like
making
sure
that
we
can
set
up
secure
stem
cells.
B
Okay.
So,
let's
move
on
to
the
next
step,
so
I
would
merge
that
so
that
it
causes
two
of
the
dipole
branch.
Again,
as
you
can
see
nothing
at
the
security
dashboard
because
it's
not
in
the
Barrows.
This
was
not
running
on
the
Dever
branch.
So
by
merging
this
we
would
have
a
pipeline
running
at
the
master
branch,
which
is
a
different
one,
and
that
would
then
feed
the
six
region
dashboard
and
we'll
make
the
configuration
page
showing
that
this
is
setup.
B
Why
this
is
running
like
it
just
closed
all
those
other
it
is
okay,
so
why
is
this
is
running
I'll,
go
back
and
move
to
the
next
step,
which
is
about
providing
in
that
date.
So,
as
we
are
test
mean
docker
images,
there
is
no
much
point
I'm
making
a
chance
to
how
the
card
itself,
because
it's
not
really
what
is
impacting
the
image
we
are
scanning
and
steady
here.
What
we
can
do
is
chance
docker
file
to
change
the
image
and
see
what
will
be
the
changes
that
are
cut
back.
B
B
B
So
we
could
do
some
church
changes
into
the
into
the
source
code
that
could
impact,
but
it's
harder
I
mean
to
to
find
some
change
that
will
impact
our
ability,
so
this
is
way
interested
in
these
shortcodes
of
having
a
different
image
so
that
we
still
show
the
same
behavior,
because
whatever
the
source
of
the
change
is
what's
relevant
in
that
we
are
creating
a
merge
request
that
creates
some
changes
in
the
number
of
invitees
that
gets
recorded.
If
ever
it
is
by
fixing
existing
remedies
or
adding
new
ones.
B
C
B
This
will
see
I'm
not
I,
use,
put
things
to
demonstrate
here,
because
this
will
make
the
merge
request.
You
connector
eight,
because
the
merger
quest
is
comparing
what's
RAM
on
this
feature
Bradley,
but
you
add
on
the
brunt
the
target
branch
which
is
master
here
so
okay,
the
pipeline
complaining
so
I,
can
show
you
the
pipeline
view.
We
have
a
security
tab
here,
showing
all
the
revenue
that
got
reported
into
that
specific
pipeline.
B
A
B
Sorry
Olivia
there's
the
number
151
change
over
time
or
you
expect
it
to
be
the
same
for
the
course
the
demo
and
should
be
checked
for
that
number.
It
could
change
depending
on
which
version
of
the
database
is
being
used.
This
is
something
needs
to
be
taken
into
account
as
we
are
leveraging
I
mean
when
you
are
checking
a
proc
internal
scan,
your
abilities,
you
have
the
enjoin
and
you
have
the
Realty
database
and
this
one
can
evolve
over
time.
B
B
Okay,
should
we
make
it
a
checkpoint
in
the
demo
or
then
what
we
can
if
we
make
sure
that
nobody
is
overriding
the
clear
database,
we
could
change
and
instead
of
using
this
tag,
which
is
the
latest
one,
we
could
define
a
specific
tag
that
we
use
for
the
demo.
That
says,
please
do
not
override
and
make
sure
that's
a
stable
okay,
I'll
step
back.
I
think
is
too
much
too
much
yeah.
C
B
D
D
D
C
D
B
B
B
So
we
were
probably
are
using
a
different
scanner,
which
was
called
class
scanner,
which
was
made
by
the
author
of
Claire,
but
it
was
not
matching
our
needs,
so
we
had
to
switch,
and
this
is
another
open
source
tool
that
provides
more
flexibility
and
allow
us
to
do
more
things.
And
this
is
why
we
are
anyway.
Even
if
it
was
to
link
the
class.
B
Can
you
would
slap
two
different
tools
to
our,
and
this
is
open
the
same
case
for
a
lot
of
scanners
when
they
rely
on
an
external
database,
because
your
body
are
a
different,
really
schedule
for
the
the
in
giant
cell
and
the
database,
and
this
might
be
another
challenge
to
address.
I
gave
environment
because
people
would
have
to
redo
this
regular
update
of
the
database
they're
having
their
local
network.
Well,.
D
B
D
B
B
B
B
This
one,
yes,
so
what
we
are
comparing
is
what
we
found
in
this
future
branch
with
what
was
found
in
the
target
branch.
But
at
the
time
you
created
that
feature
branch,
at
least
when
going
back
into
the
get
eastery.
We
are
going
back
to
the
the
closest
command
point
in
history.
So
if
you
have
a
new
Manu
pipeline,
Romanian
master
providing
the
reports.
It
won't
be
compared
here,
because
this
is
not
the
reference
point
we
are
comparing
with.
B
C
B
Okay,
so
this
is
obtaining
sticker
file,
just
close
this
one.
Oh
no!
This
was
a
good
one.
Sorry
I
can
reopen
it
okay,
so
this
one
is
corrects,
and
this
is
kind
of
showing
the
correct
comparison.
We
now
have
the
scanner
sure
that
the
widget
script,
which
is
telling
that
we
are
fixed,
16900
variance
with
this
merge
request.
So
this
is
not
showing
the
full
report
as
we
had
before,
because
we
are
a
conversion
points.
B
B
D
C
D
B
B
We
are
this
critical
room
that
has
been
fixed
if
I
look
here,
I
can
see.
So
this
is
based
on
the
previous
master
pipeline.
This
is
a
security
world,
so
showing
what
we
have
a
master
we
can
see.
We
have
this
CDE
in
a
PT
package,
which
is
pretty
cool,
which
has
been
fixed
by
the
merge
request
that
I've
just
merged.
Ok.
B
So
now,
if
the
pipeline
is
running
so
successfully
after
the
Mirage,
which
is
just
finished
now,
if
I'm
ruler
were
reloading
this
page,
this
one
should
be
gone
because
it
should
have
been
fixed
by
the
merge
request.
We
just
merge
and
yes,
this
is
gone
now
we
paste
from
three
to
two
critical
grab.
It
is
and,
of
course,
the
configuration
page.
B
So,
as
for
any
liabilities,
the
beta
I
mean
the
work
flow.
Is
you
know
for
any
repo
type?
Here
we
are
showing
the
available
data.
Every
links
that
are
outgoing
links
like
this
one
might
work
on
my
upward,
depending
on
how
the
house
you're
using
the
house,
you
are
on
to
access.
This
information
is
connected
on
that
to
the
internet.
B
There
are
also
internal
links
that
obviously
work,
because
this
is
within
the
instance
itself.
There
are
some
suggestions
proposed
some
time
and
this
could
be
available
as
a
remediation.
In
some
cases,
I
won't
go
too
much
into
detail
here,
because
it
would
work
I
mean
we
already
know
that
the
way
we
are
doing
the
term
mediation
for
casinos
cutting
and
it
won't
work,
because
this
is
currently
requiring
I
mean
the
creator
of
one
available
to.
B
D
B
If
you
want
to
enable
solutions
for
vulnerability,
you
first
need
to
set
this
I
can
do
it
and
show
you,
but
we
are
running
out
of
time,
but
what
this
will
do
is
will
enable
access
to
the
file
system,
so
the
container
scanning
tool
will
see
there
is
a
docker
file
available
here
and
will
look
at
it
and
try
to
inject
there.
I
mean
to
find
a
patch
to
inject
there
so
that
we
can
correct,
but.
B
You
can
add
this
command
that
will
take
the
gypsy,
for
example,
here's
gypsy
library,
which
is
containing
that
one
of
the
flow
you
want
to
fix,
but
this
obviously
need
to
get
access,
shows
this
library,
newest
version,
which
again
depend
on
your
environment.
So
if
you
are
going
through
a
proxy
that
allows
that
kind
of
connection
that
might
work,
if
you
don't,
this
would
just
break,
and
you
cannot
build
there
in
the
darker
image.
B
C
B
B
B
And
it's
just
fun
toes:
does
it
okay?
But
if
you
have
a
tour
nation
available
here,
you
have
a
new
button.
That
said
create
a
magic
words,
but
you
also
can't
download
a
patch.
So
what
we
can
do
is
an
engineer
until
nodding
the
pad
rebuilding
the
image
locally
and
pushing
it
back
to
the
darker
distance,
make
it
available
in
the
again
environment
but
again,
dependents
are
the
policy
to
inject
data
into
the
GUP
instance.