From YouTube: 15.11 Milestone Kickoff - Verify:Pipeline Security
A
Hi there, I'm Jocelyn. I am the product manager for the Pipeline Security group here at GitLab, and I'm here today to kick off Milestone 15.11 with our designer Vivica. Just to get started, I wanted to also, like, introduce the Pipeline Security group. We are new, and so this is actually our first milestone kickoff for our team.
A
So the areas that we are primarily responsible for are build artifacts and secrets management. Secrets management includes, like, secrets manager integrations. It includes CI job token work as well as CI variables, so.
A
Get us kicked off here in 15.11. As I mentioned, our group is new, so we'll be focusing on a lot of the items that are wrapping up build artifacts, so we're continuing to do that as well as taking on some variable work.
A
So for the artifacts, we have finished implementing the artifact deletion, but two major bugs that we do want to resolve are that our job artifacts in both the blocked pipelines are always marked as latest, as well as the failed pipelines, and so these are two issues that we do want to resolve prior to any sort of rollout of storage enforcement, because we know these are issues that really help accumulate build artifacts faster than they should.
B
Thanks, Jocelyn. All right, so the first one here, this is an issue for discouraging users from using CI/CD variables for their cloud providers' secrets. So we want to discuss the practice of using basic CI/CD variables for storing cloud provider secrets, and rather we want to point our users to the documented practices of using GitLab OIDC provider instead. So it's a small step, yes, but we strongly feel that this will make a good impact and will help make our users' workflows more secure.
B
Now, users want to see on the UI which variables will be available in the pipeline versus not. So if we go further, like, down in the description, we'll see that the author of the issue has also provided a screenshot, which is very helpful: for our own variables in the project, we are able to see, like, which ones are protected and which ones are masked, but for the inherited ones that's not available, and that kind of creates some sort of confusion.
B
That's what we want to, like, work on. And, lastly, adding a description field to the CI/CD variable setting. So it's difficult for users to understand which variables serve what purpose in their software development process.
B
The list can run really long because, of course, we need a lot of variables and, while browsing through those, it's very hard to understand, like, what's the purpose that they're serving. So there is a design that was worked on by a designer on the team.
B
Previously, it's not attached to this issue, but we'll be kind of taking that and making some modifications to that, and we'll make sure that it's, like, much easier for users to understand, like, what's the purpose of a variable that's listed. And that should be all. Back to you, Jocelyn.
A
Awesome, thanks speaker. So yes, as I mentioned, we are a new team. We are getting used to working with each other and our new scope of work. So we are really excited to be kicking this off, and we're excited to see all the work the team, you know, gets done, and we're looking forward to bringing a lot of new features and designs to our space. So thanks for listening, bye.