►
From YouTube: Secure: Threat Insights 13.6 Release Kickoff
Description
See what we're working on for 13.6.
A
A
I
don't
want
to
spend
too
much
time
on
it.
So
I'll
mention
briefly.
Some
of
the
things
that
are
in
flight-
and
we
can
expect
out,
will
include
an
updated
version
of
the
vulnerability
trends
over
time,
a
completely
new
interactive
widget
that
is
going
to
be
on
the
project
dashboard
first
and
then
we'll
move
that
up
into
the
group
and
the
instance
or
renamed
us
to
security
center
dashboards.
A
We
will
have
the
special
references,
which
are
the
characters
that
you
can
use
to
quickly
refer
to
an
object
in
a
comment
in
gitlab
or
like
a
description.
We'll
have
those
four
vulnerabilities
and
we've
also
got
a
few
things
related
to
the
pipeline
so
on
the
project
dashboard,
seeing
which
pipeline
was
run
most
recently
against
the
default
branch
as
well
as
if
there
were
any
failure
cases.
So
if
you
need
to
go
and
investigate,
perhaps
there
was
something
that
went
wrong,
and
that
means
the
security
reports
might
be
out
of
date.
A
A
So
let
me
show
a
little
bit
of
what
we're
thinking
here.
So
we've
got.
This
is
just
the
design
mock-up
which
we're
finalizing
and
planning
to
implement.
So
all
the
standard,
jira
integration
configuration
details
are
here.
What
we're
adding
is
you
can
enable
this
jira
issue
creation
from
vulnerabilities.
Now
this
is
pretty
cool
because
it
means
you
can
actually
do
your
vulnerability
management
from
a
project,
a
group
or
the
security
center
vulnerability
list.
A
A
So
it's
going
to
take
that
from
from
your
jira
integration,
your
project
level
configuration,
and
it's
going
to
ask
you
for
your
issue
type.
This
is
also
kind
of
cool
because
it
really
varies
by
you
know:
company,
by
team,
it's
kind
of
a
preference.
Do
you
want
a
bug?
Do
you
want
a
story,
a
task?
You
might
even
have
a
custom
issue.
So,
if
you
just
put
in
the
issue
key,
you
can
actually
target
any
of
those
types.
A
Sorry
a
lot
to
get
through
here,
so
you'll
notice,
the
difference
is
pretty
subtle.
So
this
is
a
regular
vulnerability
object
or
a
page
pretty
standard.
But
when
you
have,
the
integration
turned
on
you'll,
see
related
jira
issues
instead
of
just
related
issues,
and
this
create
issues.
Button
has
actually
become
a
create
jira
issue,
the
flow's,
pretty
simple:
it
actually
pushes
the
details.
A
It
takes
the
title
and
pushes
that
into
the
title
on
the
jira
side,
and
then
it
takes
everything
in
the
description
and
pushes
that
into
the
description
of
your
target,
object
or
issue
type.
So
you'll
see
a
little
indication
that
it's
loading
and
then,
whenever
it
comes
back,
it
actually
provides
the
link
back
to
the
new
issue
id
you
can
see
the
title
over
here,
along
with
the
this,
is
the
jira
id
for
that
particular
item
and
if
you
click
that
it
will
take
you
directly
into
jira
into
that
new
issue
type,
it's
pretty
cool.
A
The
other
thing
that
we've
been
designing
for
a
while
and
we're
going
to
move
forward
with
very
soon
we'll
start.
The
motions
in
136
is
manually
creating
build
a
vulnerability
so
prior
to
this,
every
vulnerability
that
you
saw
in
the
security
dashboards
emrs
the
pipeline
security
view
all
came
from
a
security
scanner
outputting
a
report
of
their
findings.
A
This
is
going
to
be
really
helpful
for
a
lot
of
different
internal
use
cases.
I'm
sure
we
can
even
imagine
all
of
the
ones
that
you're
going
to
use
for
them,
but,
for
instance,
let's
say
that
you've
got
a
you
know
a
bug,
bounty
program
and
it
doesn't
get
a
whole
lot
of
traffic.
So
it's
not
really
worth
setting
up
an
integration
for
you
may
choose
to
just
go
and
take
information
from
there
and
manually
create
vulnerabilities.
A
You
may
have
internal
reports
of
vulnerabilities
that
you're
handling
through
issues,
or
maybe
it's
email
or
just
slack
messages.
This
is
a
great
way
to
just
fill
out
this
form.
You'll
see
it's
got
all
the
standard
details.
You
would
expect
for
a
vulnerability
name,
a
description.
Of
course
you
get
to
pick
your
severity.
These
are
the
same
classifications
that
we
normalize
all
the
scanners
to.
A
If
you
have
a
cwe
the
weakness
you
can
put
that
in
there.
That's
of
course
helpful
information
for
determining
just
kind
of
the
classification
of
the
vulnerability
you
can.
Even
this
will
pop
out
to
the
cvss
calculator
and
you
can
input
the
specific
cvss
score
as
well
as
the
vectors
inside
of
here
for
even
further
details
on
exactly
what
the
exploit
looks
like
or
the
potential
exploit
and
some
other
information
you
can
input
as
well.
You
know
files
or
component
types
affected
if
there's
a
solution
available
and
things
of
that
nature.