►
From YouTube: GitLab 16.4 Kickoff - Verify:Pipeline Security
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hi
there
I'm
Jocelyn
I'm
the
product
manager
for
the
pipeline
Security
Group
here
at
gitlab.
Our
team
focuses
on
two
categories,
mainly
Secrets
management,
which
includes
actual
native
Secrets
management,
as
well
as
integration
with
third-party
Secrets
managers,
variables
and
CI
job
token,
and
build
artifacts.
I
am
here
today
with
our
wonderful
designer
bethica
to
kick
off
Milestone
16.4,
so
super
excited
to
share
what
we
have
coming
up
here
in
our
September
release.
A
A
So
if
you
issues
I'd
like
to
highlight
the
first
one
is
really
introducing
a
global
CI
config
for
ID
tokens,
so
over
the
last
couple,
Milestones
back
in
159.
Actually,
we
announced
a
deprecation
of
JWT
and
as
part
of
that,
a
big
task
was
changing
to
use
ID
tokens
as
the
the
keyword
and
so
I'm,
based
on
the
feedback
that
we
have
received,
you
need
to
help
make
this
transition
and
potentially
other
future
transitions
simpler.
A
We
will
be
introducing
a
global
config
for
ID
tokens
that
you
can
use
in
your
default
yaml
files.
The
other
item
I'd
like
to
highlight
is
special
character,
limitations
and
mass
variables.
We
have
gotten
a
lot
of
interest
in
in
additional
characters
being
masked
in
form
for
our
variables
and
so
we're
doing
a
bit
of
Investigation.
A
We
know
we
have
quite
a
limited
set
of
characters
as
well,
a
special
character,
the
Cami
Mast,
so
we're
investigating
kind
of
what
our
real
limitations
are,
given
that
these
initial
limitations
were
Set,
quite
a
while
back
and
then
on
the
front
end,
as
I
mentioned,
we
are
working
also
on
improving
the
variables
experience,
so
on
is
to
really
add
form
validation
to
variables.
A
This
is
something
that
has
come
up
in
terms
of
feedback
is
not
so
user
friendly,
and
so
we
do
want
to
make
that
user
friendly
experience,
whereas
we're
entering
as
like,
if
I'm
entering
variables
like
I,
understand
whether
or
not
like
I'm
in
the
right
direction
and
then
the
other
thing
actually
I'm
going
to
hop
over
now
hand
this
over
to
vitika
to
talk
about
the
design.
B
Thanks
Jocelyn,
so
this
Milestone,
since
we
have
made
it
considerable
and
good
progress
with
the
secrets,
MVC
work,
we
would
still
continue
like
sharing
our
progress
with
the
audio
adopters
and
getting
more
feedback,
and,
besides
that,
there's
something
something
that
I
really
want
to
focus
on
is
the
very
first
research
for
CA
job
token
experience.
So
this
is
the
first
time
we'll
be
like
speaking
speaking
with
the
users
who
are
using
our
CA
job
token
feature
and
understand
their
requirements
better.
B
This
would
also
help
us
make
progress
on
some
other
issues,
such
as
the
like.
The
improvements
which
are
lined
up
for
the
inbound
flow,
I
hope
I'm,
getting
that
right,
inbound
confusing
sometimes
anyway,
and
looking
at
the
features
that
I'd
be
looking
at
the
two
issues.
The
first
one
is
AD
search
ability
dnci
variables,
so
we
read
a
lot
of
changes
in
how
we
are
presenting
the
CI
variables
between
the
layout
of
the
table.
B
This
description
doesn't
rightly
like,
represent
the
changes,
because
it's
an
old
issue,
and
besides
that,
we
are
also
like
having
a
conversation
around
consolidating
the
group
and
project
tables
at
project
level,
and
on
top
of
that,
200
is
no
longer
the
maximum
number
of
variables
that
can
be
defined
at
project
or
group
level.
So
there
are
a
lot,
many
more
variables
that
products
and
groups
can
accommodate
and
with
everything
else
that
I
just
mentioned,
it
would
become
very
difficult
for
users
to
like
get
to
the
exact
variable
that
they're
looking
for.
B
This
is
one
and
the
other
one
is
yeah.
Front-End
export,
import,
CID,
cicd,
environment
variables,
so
something
that
users
mentioned
would
be
good
is
like
when
you
have
too
many
projects,
and
you
just
want
to
like,
take
or
replicate
environment
variables
from
one
project
to
another.
B
There
should
be
an
easy
way
to
do
that
and
maybe
like
exporting
them
as
a
file
and
just
like
importing
them
on
these
on
the
other
project
can
be
one,
but
we
are
still
like
open
to
exploring
what
can
be
even
easier
method
of
doing
that,
because,
since
we're
talking
about
projects
hosted
within
gitlab
for
now,
so
we
can
definitely
make
use
of,
like
things
being
on
this
one
single
platform
and
having
really
short
actions
to
make
this
happen.
Yeah
and
that's
all
right.
A
Thanks
speaker,
so
yeah
we
got
quite
a
bit
in
store
for
16
for
as
usual,
if
you
have
any
comments,
any
suggestions,
we
absolutely
welcome
them
and
would
love
to
hear
from
from
our
customers
and
yeah.
So
we're
excited
to
get
16-4
kicked
off
here
and
we're
excited
to
to
see
the
results
and
we
hope
you
are
too
thank
you.