►
From YouTube: GitLab 13.1 Kickoff - Secure:Composition Analysis
A
We
are
working
to
remove
darker
and
darker.
It
should
finish
up
in
13.0,
but
I
think
there
might
be
one
or
two
stragglers
that
possibly
go
into
13,
1
or
13.
None
of
them
should
impact
anyone
using
our
product.
However,
I
just
wanted
to
be
aware:
it's
not
completely
gone
out
of
the
system,
yet
we
also
are
continuing
some
post
MVC
work
on
offline,
secure
scanning
for
self
hosted
instances
which
is
mostly
concentrated
around
the
license.
Compliance
scanners,
getting
some
of
the
less
popular
languages
worked
on.
A
If
you
have
set
up
an
offline
environment
and
do
you
have
any
notes
about
areas
that
the
documentation
can
improve
or
the
experience
could
improve,
please
feel
free
to
make
comments
in
the
post
MVC
epic.
Also.
We
always
like
to
make
sure
we
are
addressing
high-priority
bugs
any
performance
issues
or
similar
items.
So
we've
got
a
good
handful
of
bugs
p1
and
p2
to
work
on
during
this
release.
We
don't
really
have
anything
in
the
backlog
available,
related
to
performance,
reliability,
availability
or
UX
debt
at
this
time.
A
Luckily,
so
it's
mostly
just
concentrating
and
knocking
out
a
bunch
of
bugs
that
crept
up.
One
of
the
goals
that
we
haven't
talked
about
before
is
ast
leadership.
We
had
been
discussing
it
and
finally
got
around
to
formalizing
that
as
a
goal
for
this
year
and
how
that
relates
to
our
team
is
that
we
need
to
get
dependency
scanning
to
complete,
and
that
was
something
we
had
wanted
to
do
anyway.
A
But
we
just
kind
of
connected
that
with
this
goal,
which
actually
affects
other
groups
as
well,
and
we
had
spent
the
last
week
or
so
with
the
development
team
discussing
what
exactly
this
means.
A
lot
of
it
right
now
is
still
up
for
debate,
we're
going
to
need
some
user
feedback
and
user
interviews
to
actually
solidify
some
of
these
items.
A
And
then
we've
got
a
bit
of
work
around
a
lot
of
remediation
I
had
mentioned
it
last
time
we're
working
to
introduce
a
bot
so
that
not
only
when
we
suggest
NMR
as
a
solution
to
a
finding,
would
you
be
able
to
click
it,
but
you
could
say
that
you
would
like
this
bot
account
to
be
able
to
automatically
create
that
and
run
the
pipeline
for
you,
so
that
you
could
see
the
results
of
that.
So
we
started
working
on
it
last
time.
A
We're
going
to
continue
working
through
and
I
expect
it
so
gonna
take
another
couple
releases
before
everything
is
really
available
in
the
front
end.
But
if
you
again
have
any
thoughts
about
that,
we
would
love
to
hear
it.
We're
hoping
to
make
this
a
much
more
automatic
process
for
those
of
you
who
enjoy
these
suggested
solutions
that
we
have
in
the
product.
A
And
finally,
before
the
cutoff
point,
we've
got
tying
up
some
work
around
remodeling
the
way
that
we
did
severity
and
confidence
aligning
with
industry
standards.
Ru
Eckstein
did
some
really
good
research
and
found
that
some
of
our
terms
didn't
quite
a
line
or
were
unclear.
So
we've
got
some
tool,
tips
and
modal's
and
documentation
updates,
as
well
as
a
couple
UI
updates,
and
so
that
should
be
tying
up
soon.
A
There's
some
migration
of
data
in
the
backend
that
needs
to
happen,
but
hopefully
this
will
help
everyone
much
more
intuitively
understand
what
we're
saying
is
we're
going
to
better
align
with
industry
standards
and
finally
for
license
compliance.
A
lot
of
people
have
had
confusion
around
the
steps
involved
in
order
to
successfully
set
up
a
policy
and
have
that
policy
enforced
by
a
security.
Marriage
request
approval,
so
we
are
attempting
to
improve
that
process
and
if
that
flow
works
out
well
we're
going
to
apply
that
to
dependency
scanning
as
well.