►
Description
Includes milestone kick-off for 13.12
A
Welcome
to
our
weekly
meeting
for
our
container
security
group
alexander
looks
like
you've
got
the
first
item.
B
Yes,
let
me
open
up
the
thing
right,
so
we,
the
thing
I'm
going
to
demo
is
well.
I
don't
have
it
ready
to
demo
yet,
but
l7
network
policies
are
now
working
for
threat
monitoring.
There
was
an
issue
with
saving
them
and
viewing
them
all
because
of
the
ammo
parsing,
but
actually
sam
put
up
the
original
code
to
fix
this
issue,
and
then
I
sort
of
just
added
to
it
and
clean
it
up
a
bit
and
so
now
all
seven
policies.
Network
policies
can
now
be
saved,
which
is
great.
A
Awesome
yeah
thanks
alexander
for
for
finishing
that
up
and
getting
it
actually
working.
So
on
our
next
item,
I
just
wanted
to
take
him.
Normally,
we
don't
talk
through
bugs
as
like
planning
breakdown
here,
but
I
thought
it
might
be
useful
just
to
talk
through
a
couple
of
fleas
to
raise
the
visibility
for
the
rest
of
the
group
since
they
are
affecting
the
ui
here
in
the
policy
editor.
A
A
Annabelle
was
suggesting
to
remove
this
grayed
out
area
entirely
and
just
show
the
error
so
that
you
know
there's
no
reason
to
show
it
since
they
can't
use
it.
If
we're
not
able
to
parse
the
policy
open
question
as
well.
I
think
right
now,
in
this
issue
or
out
to
annabelle
about
the
description
field,
then
we
also
have
another
related
item
here
where
today,
in
our
mocks,
we
show.
A
This
is
actually
a
good
good
mock
right
here
we
have
the
name,
the
description,
the
environment
and
this
toggle
are
all
available.
Some
of
these
elements
are
defined
in
the
yaml
itself.
So
when
you
switch
into
yaml
mode,
you
actually
define
the
description
and
the
enabled
disabled
status
there.
So
we
want
to
clean
that
up
so
that
there's
only
one
place
on
the
screen
at
any
given
time
to
define
things
and
that
would
involve
keeping
the
name
and
environment
up
at
the
top,
but
moving
the
description
and
the
enabled
disabled
status
down
lower.
A
So
it's
actually
part
of
this
rule
mode
tab
and
then,
when
you
switch
into
yaml
mode,
those
elements
would
not
be
present
because
they're
going
to
be
defined
in
the
ammo
itself.
So
this
is
something
that
I
missed
early
on.
You
know,
I
think
we
all
missed
it
quite
frankly,
just
in
our
design
reviews,
but
really
we
should
only
have
one
place
on
a
page
to
define
something
or
we
do
have
two
places.
Then
we
should
implement
some
kind
of
two-way
synchronization
between
them,
but
ideally
just
one
place.
A
This
is
something
to
keep
an
eye
on.
As
well,
because
when
we
start
implementing
our
scan
execution
policies,
the
name
actually
is
defined
in
the
yaml.
So
that's
a
different
key
difference
there
to
note
between
network
policy
types
and
scan
execution
policy
types
is
that
for
network
policies,
the
name
is
a
separate
field,
whereas
for
scan
execution
policies,
the
name
would
be
defined
in
the
yaml.
A
So
we'd
actually
want
to
hide
that
name
name
area
as
well
when,
when
we
get
to
that-
and
I
think
that's
reflected
in
the
mocks
I'll
use
for
not
having
this
up
ahead
of
time.
A
So
when
we
do
start
to
build
this
out
in
the
ui,
the
mock
here
for
this
does
not
have
a
name
text
box
because
that's
being
defined
here
in
the
yaml.
So
again,
just
something
to
note.
We
want
to
be
a
little
bit
more
cognizant
than
we
of
that
than
we
have
been
in
the
past,
making
sure
again
that
there's
only
one
place
in
the
ui
to
define
these
things.
B
C
C
C
C
This
is
something
that
we've
been
wanting
to
do,
which
is
load
testing.
The
alerts
feature
to
make
sure
that
you
know
if,
if
there's
a
deluge
of
alerts
coming
in
from
agent
k
from
your
kubernetes
cluster,
we
won't
crash
a
gitlabs
instance.
C
Second,
one
is
a
follow-up
for
for
the
security
orchestration
feature
that
that's
still
under
behind
the
feature
flag
identified
as
a
maintainer.
We
always
try
to
do
follow-ups
as
soon
as
possible.
C
Moving
on
to
one
of
our
priorities,
which
is
this
extend
das
policy
to
support
schedule
execution?
That's
that's
part
of
the
the
schedule,
epic
schedule
scans,
epic.
C
Issue
to
look
at
the
new
trivia
scanner
that
we're
replacing
claire
retrieving
container
scanning
and
we
want
to
review
the
existing
keyway.
We
we're
on
the
impression
that
a
lot
of
the
tests
that
were
being
done
as
end-to-end
tests
are,
are
now
done
as
part
of
the
container
scanning
project
as
specs
and
they're
a
lot
quicker
to
run.
C
So
we
don't
have
to
use
the
end-to-end
process
for
that
and,
if
there's
anything
that
we
do
need
to
use
end
to
end
for
we,
we
want
to
take
a
look
at
as
part
of
this,
the
things
that
are
ready
for
development.
We
we
want
to
be
able
to
measure
usage
of
the
features.
So
that's
an
issue
issue
to
add
that
this
is
part
of
implementing
the
shadow
scans.
Some
database
changes.
C
This
is
part
of
the
db
rapid
action.
It's
a
request
that
came
from
the
the
the
initiative.
There's
there
have
been
some
performance
issues
in
production
and
we've
been
asked
to
look
at
our
our
backyard,
our
own
backyard,
and
see
if
we
can
find
anything
there,
I'm
not
expecting
to
find
heaps,
but
the
scope
is
in
there
if
anybody
wants
to
have
a
look,
something
that
we've
been
working
on.
C
It's
blocked,
because
this
is
both
for
front
end
and
backhand
by
the
way
it's
blocked,
because
zamir
and
alexander
are
currently
doing
their
training
and
we'll
progress
in
it.
As
soon
as
that
happens,
another
follow-up
from
the
previous
feature,
then
we
have
a
spike
to
look
at
starboard,
which
is
part
of
the
epic
to
scan
containers
running
in
production.
C
We
have
another
spike
to
check
what
wouldn't
be
needed
to
use
ubis.
Those
are
red
hat.
Although
your
screen
is
not
updating
there,
you
go
see.
Let
me
see
if
I
stop
and
start
again
thank.
C
A
C
C
So
so
the
next
issue
is
the
spike
for
ubi
universal
based
images,
they're,
red
hat
images
and
in
theory
you
should
be
able
to
just
use
them,
but
in
practice
it's
all
very
different
and
we
need
to
test
it.
So
that's
why
it's
there
and
finally,
there's
a
separate:
it's
not
very
common
to
have
separate
issues
for
documentation.
C
We
typically
do
documentation
as
part
of
features,
but
in
this
case
there's
there's
quite
a
bit
to
clean
up
due
to
the
change
from
claire,
to
trevi
so
we
will
be
doing
that
and
that's
all
the
news
that's
fit
to
print
for
back
end
alexander,
any
questions.
B
B
Yeah
thank
thank
you.
I
will
use
that.
I
will
try
to
share
my
screen.
Let's
see
what
happens
so
here
we
are
for
1312
for
the
front
end
issues
for
this
milestone.
I
will
also
start
with
refinement
policy.
Editor
yaml
mode
ui
is
not
synchronized
properly.
Sam
just
went
over
that.
So
I
will
not
repeat
it
going
to
write
for
development,
create
a
drawer
to
show
on
alert
select,
so
this
is
when
you're
on.
Do
I
have
the
page
open?
B
Yes,
when
you're
here?
Oh,
this
is
a
little
preview
for
everyone.
It's
coming
down
the
pipeline
right
now,
when
you
click
on
the
name
of
an
alert,
it'll
open
up
to
alert
details
page,
we
want
a
more
general
click
along
the
entire
row
here
that
will
open
up
a
drawer
on
the
right
hand
side.
So
you
don't
have
to
drill
into
the
details
page,
it's
very
similar
to
what
we
have
here
for
policies
we
want.
We
want
this
same
thing,
but
for
alerts.
B
Oh
boy,
okay,
I
have
forgotten
where
which
that
was
mine
create
an
instant
from
an
alert
that
is
always
already
available
through
the
details
page.
The
remaining
work
is
simply
to
create
this
column,
which
you
see
here
and
to
show
the
users
and
allow
them
to
click
to
the
instant
from
there.
B
The
tests
just
need
to
be
written
for
that,
similarly
assign
an
unassigned
an
individual
to
alert
that
is
already
available
through
the
details
page,
we
are
just.
We
need
to
add
a
column
for
that.
We
also
need
to
make
sure
that
you
can
assign
an
individual
through
the
drawer
threat,
monitoring
policy,
page
design,
bug
new
rule
does
not
auto
populate
unload.
Yes,
that's
right.
I
do
know
about
that,
one.
B
That
is
when
you
go
to
create
a
policy
and
zooms
in
your
way,
no
new
policy
here,
okay,
gk,
is
down,
but
basically,
when
you
create
a
new
policy,
you
have
to
click
the
new
rule
button
to
create
a
new
one,
and
this
is
gonna
create
one
automatically
for
you
truncate
issue
on
the
right
side.
Yes,
that
is
again
on
the
details.
Page
there's
just
some
overflow
with
the
assignees
name
that
we
need
to
clean
up,
improve
knowledge.
I
need
to
do
that.
B
That
is
basically
training
for
end-to-end
testing
so
that
we
can
create
some
end-to-end
tests
for
the
alerts,
which
is
great
this
one
I'm
going
to
remove
from
our
team,
because
no,
how
what
is
this
one
actually
follow
up,
add
router.
I
think.
D
One
thing
to
add
to
what
alexander
just
said
was
in
the
last
two
milestones:
the
front-end
team
aka
alexander,
with
some
contribution
from
some
back-end
full
stack
engineers
have
closed
15
points
or
weights
a
weight
of
15
in
the
last
two
milestones,
so
we
have
a
little
under
that,
which
means
there's
a
little
bit
of
maybe
capacity
to
pull
something
from
the
next
milestone,
if
possible.
C
B
B
C
D
C
A
Thanks
everyone,
it's
been
great
going
through
these
things
today
and
I'm
looking
forward
to
the
13
12
release
sam
by
your
silence.
I
think
you're
happy.
A
It
looks
good
and
yep
thanks
for
joining
today
have
a
great
week.
Everyone.