Hello and welcome to the 12.7 release kickoff for the runtime application security group that I am matt wilson senior product manager for defend stage and actually filling in for Sam Kerr is the normal product manager for this release. So let's jump right in and see what we have scheduled for two twelve seven release.

We'll take a quick peek at the runtime app SEC board for the twelve seven release. We've got two main items that we're going to be targeting for this release. We're gonna start with the second one. First, the wave statistics reporting. This is actually a it's. A very large item. That's carried over from the last two releases, we've just missed it on the twelve six release, so we're going to tie it off in twelve seven.

As a quick recap, we have statistics, reporting is really trying to let the users go, have a step of visibility beyond what was in the MVC of adding the laughs to the defence stage. So right now, you can't really see what the wave is doing in terms of traffic blocking allowing how much it's actually even processing. So this is going to allow a minimal amount of information that is not available today in the gitlab UI here. This is an example of what we intend for a new section of the dashboard to look like.

So you see, we've got a new threat and monitoring section, which is going to be under the security and compliance menu item off to the side, and it's just going to give a high-level overview. You'll see total requests and how much that was anomalous traffic, so very basic, but it is the first visual indication of what kind of traffic is being processed by the way. So, again, that's carry over from 12 6 and we are targeting 12 7 for releasing that feature.

The second thing we have is custom rules for Web Application Firewall.

So this is something important that will help take the wave from its current minimal maturity to viable, and really this is building on top of the out-of-the-box default. Non customizable rule set that it ships with today so by adding the custom rules for the 1/2 we're going to allow users to start configuring. This can be things like how they're tuning for false positives, false negatives or even performance impacts on the cluster, depending on how the rules are configured likely not going to be a UI.

As part of this release, we are working with our UX team to figure out the best way to kind of expose the experience of configuring and tuning laugh roles in the gitlab UI. So for now we're actually proposing this Graham here is to allow the user to actually specify a file or list of files with mod security rules, probably using an environment variable.

We are going to do this as a first step towards really allowing a a little bit more point-and-click through the aisle on UI long term, but for now, if you know mod security rules that you would like to enable, or just we're going to have a way to actually do that directly within the gate live environment. As with the regular graph, this will be a gate lab ultimate exclusive functionality as well, so that covers it.

That is, those are the two major release items that we'll be targeting for 12:7 and as always, we look forward to whenever this function, how it's going to come out and thanks for watching.