From YouTube: GitLab 13.3 Kickoff - Defend:Container Security
Description
This is the kickoff for the GitLab Container Security group for the 13.3 release.
Container Security priorities issue: https://gitlab.com/gitlab-org/gitlab/-/issues/222791
Create/edit/delete policies epic: https://gitlab.com/groups/gitlab-org/-/epics/3403
A
Hi, my name is Sam White. I'm the senior product manager for the Container Security group here at GitLab, and today I'll be doing our release kickoff for our 13.3 release. We have a new container security priorities issue open here that you'll notice, which is our new approach to prioritizing for this iteration. Here we have basically a list of everything that we're working on and what's coming up in the near-term roadmap. For the 13.3 release, we decided to really focus on enhancing our policy management experience.
A
So already today, you can view policies, but we'll be adding a new button up here so that you can create a new policy, and you can also click on one of these policies to view some more of the details here in the side panel. Once you're in here, you can click Edit policy, which will take you to this screen where you can go ahead and edit that policy. By default, it will show you just the YAML editor, which is pretty consistent with most products in the space: they let you edit the YAML directly for network policies when you're applying container security. However, we want to take that one step further and we want to also offer a rule mode, so the user can come in and pick either YAML mode or rule mode. If they click on rule mode, it takes them to more of a visual experience.

This is aimed at helping somebody who has not worked with YAML files or network policies before. They may or may not be familiar with the Kubernetes network policy specification, and so this takes that YAML file and transforms it into a human-readable sentence, so you can basically, you know, read it and know what it does: you know, if network traffic is inbound to pods with the labels out, Twitter, API and so forth, then take these actions. In this case we're choosing to allow the network traffic.

You'll notice that you still get a preview over here of the YAML that's being generated as you edit the file, or as you make changes, and you can also switch over to rule mode to get another simple, text-based description of exactly what that policy is doing. Finally, we'll allow the user to come down here and delete the policy if they want to get rid of it, so that they're able to fully manage their policies here in the GitLab UI.

Again, we're really looking forward to this. We feel like this is a pretty significant innovation in the container security space, and we'd love to capture any feedback that you may have on this. If you have ideas, thoughts, feedback on the direction that we're taking, please feel free to comment in any of our issues. Thanks.