►
From YouTube: GitLab 16.3 Kickoff - Verify:Pipeline Security
Description
Take a look at what we have planned for 16.3!
A
Hi
I'm
Jocelyn
I
am
the
product
manager
for
the
pipeline
Security
Group
here
at
gitla.
Our
areas
of
focus
are
the
secrets
management
category,
which
includes
integration
and
secrets
management
as
well
as
CI
variables
and
CI
job
token.
The
other
area
that
this
team
focuses
on
is
build
artifacts
I'm
here
today
with
our
wonderful
designer
beethica
to
kick
off
Milestone
16.3
and
share
a
bit
of
what
we
have
planned
so
coming
up
in
16
3.
A
A
We're
also
continuing
to
wrap
up
some
build
artifact
cleanup
issues
if
you've
been
following
our
our
videos,
our
delightful
videos,
you'll
know
that
we've
been
working
on
unlocking
a
few
things
around
the
keep
latest
artifact
setting
and
then
and
we'll
dig
into
what
more
people
to
get
into
it.
A
little
bit
more
around
our
secrets,
management
solution,
Concepts
and
ideas
work
that
we're
going
to
continue
to
be
focusing
on
as
we
we
do
acknowledge
that
Secrets
management
is
a
very
popular
request
for
git
lab
as
well.
A
So
a
couple
of
the
items
that
I
would
like
to
highlight
are
are
going
to
be
like
the
ones
kind
of
on
the
front
end
in
terms
of
improving
that
user
experience.
So
one
of
the
first
things
we're
going
to
do
is
start
at
adding
pagination
to
the
group,
variables
tables
and
we're
doing
this,
because
a
lot
of
folks
have
have
voiced
that
there
are
a
lot
of
variables
and,
and
the
table
just
becomes
very
large
and
somewhat
unwieldy
on
a
single
screen.
A
So,
oh,
we
are
focusing
on
adding
that
pagination
we're
also
adding
some
clarity
around
the
CI
job.
Token
settings
language
as
well,
and
we
will
also
be
making
modifications
to
variable
accretion
and
editing.
A
So
if
you
look
in
the
issue,
you'll
see
here
rather
than
having
a
form
which
we've
previously
had,
will
actually
be
switching
over
to
to
the
drawer
so
and
and
also
really
improving
the
validation
experience,
because
it's
a
little
less
ideal
ideal
right
now
and
then
I
will
turn
it
over
to
bethica
to
talk
about
the
design
work.
We
have
planned.
B
Thanks
Jocelyn,
so,
first
of
all,
I
wanted
to
touch
upon
the
progress
that
we
are
making
with
the
secrets
management
POC
yeah.
We
took
some
time
because
we
really
wanted
to
be
very
sure
with
our
requirements
that
we
that
we
would
be
starting
off
with
for
the
proposal
and
at
this
point,
we're
feeling
very
comfortable,
because
we
had
like
multiple
rounds
of
researchers.
We
had
sketching
exercise
internally,
which
was
a
lot
of
fun
because
all
the
Engineers
on
the
team
and
the
product
manager,
everybody.
B
They
came
together
to
like
Express
their
views
about
what
they
would
like
to
see
as
features
as
a
part
of
us.
The
secrets,
management
solution,
and
now
the
next
step
is
for
me
to
like,
come
up
with
the
very
very
first
design
proposal
like
the
draft
and
share
with
all
of
you.
So
we
would
also
be
looking
at
conducting
an
officer
for
our
early
adopter
program,
signees
and
yeah.
So
look
forward
to
that,
you
would
be
receiving
some
communication
and
some
platform
very
soon.
B
B
This
is
also
something
that
was
validated
through
a
very
recent
research
that
we
performed,
and
luckily
we
already
had
a
three
years
old
issue
open
for
it.
That
right
now
just
to
create
a
CI
variable
through
the
UI
under
different
environment.
Scopes,
one
has
to
like
really
go
and
create
the
same
variable
and
assign
them
to
different
environment
scope.
Each
time,
which
is
like
it's
a
lot
of
work.
B
So
we
just
want
to
simplify
this
particular
workflow
and
make
sure
that
we
allow
like
while
we,
while
users
are
adding
variables,
they
should
be
able
to
specify
the
different
values
for
different
or
different
environment
Scopes,
and
the
next
one
is
something
that
came
out
of
merge
request
that
was
I.
B
Think
was
a
community
contribution
that
there
are
certain
instances
where,
when
users
create
a
CI
environment,
variable
and
use
variable
type
instead
of
file
type,
then
just
for
a
particular
set
of
use
cases
it
could
lead
to
like
it
could
lead
to
leaking
into
content
leaking
into
job
logs,
which
can
of
course
be
a
security
incident.
B
So
to
make
sure
that
we
are
very
clearly
communicating
like
what
are
the
consequences.
And
what
is
what
are
the
like
information
that
your
users
require
to
make
a
decision
while
creating
a
variable.
We
would
be
adding
some
help
text
on
the
add
variable
model
like
while
you
select
the
type
a
little
more
explanation
about
why
you
should
go
with
a
particular
type,
and
that
is
all
that
looks
less.
But
it's
actually
quite
a
lot
with
the
POC
for
it
included.
So
yeah.
A
Awesome
thanks,
bethika
I,
know
myself
the
team
and
I'm
sure
a
lot
of
others
are
very
excited
to
to
see
progress
on
on
the
secrets
POC
for
anyone
watching
and
is
interested
in
learning
more.
You
can
certainly
reach
out
to
myself
and
beethica
and
happy
to
to
share
more
information
all
right.
Well
that
wraps
up
our
16.3
planning
thanks
Vivica
and
we're
excited
hope
you
are
too.