14 Sep 2023
This video is a quick walkthrough of the planning process for the Security Policies team.
It follows a few simple instructions available here:
0. All links to boards are available here: https://gitlab.com/alan#my-dashboards
1. Check the current milestone board to see if anything needs to be refined or started but has not yet started. If so, move them to the next milestone.
2. Check the priorities list, check Epics scheduled for the following two milestones, move all related work to the next milestone, and mark these issues as Deliverables. Also, verify if issues in these Epics are enough to complete the work described in the Epic.
3. Look at bugs for the team and see if there is anything with high priority that needs to be solved within the next milestone.
4. Now, look at the Planning board for the next milestone. Check the team's capacity and calculate it for the next milestone; based on that, you can specify what you would like to achieve, and decide what we need to do and what can be postponed (Deliverable/Stretch).
5. Look at how many issues and weights you have in the current milestone. Decide if we should postpone something (note that we will be able to discuss this with the Product team).
6. Prioritize them in the Planning Board (Deliverables at the top, Stretch at the bottom).
- 1 participant
- 19 minutes
8 Sep 2023
This video presents our script's initial phase to prepare an automatic demo environment: https://gitlab.com/gitlab-org/govern/security-policies/projects/automatic-demo-environment.
- 1 participant
- 7 minutes
5 Jul 2023
A breakdown of the UX enhancements that are coming to the Scan Execution Policy workflow in %16.2.
For more information or feedback, see the epic (https://gitlab.com/groups/gitlab-org/-/epics/8695)
- 1 participant
- 2 minutes
24 Apr 2023
This short video contains information for contributors who would like to add manual test cases for features related to the Govern: Security Policies group.
Project: https://gitlab.com/gitlab-org/govern/security-policies/projects/test-cases/
- 1 participant
- 17 minutes
18 Feb 2023
Group page: https://about.gitlab.com/handbook/engineering/development/sec/govern/security-policies/
Planning Process: https://about.gitlab.com/handbook/engineering/development/sec/govern/sp-ti-planning.html
Priorities: https://about.gitlab.com/direction/govern/security_policies/#priorities
Group board: https://gitlab.com/groups/gitlab-org/-/boards/1754674?milestone_title=Started&label_name%5B%5D=group%3A%3Asecurity%20policies
EM README page: https://gitlab.com/mparuszewski
- 1 participant
- 9 minutes
10 Jan 2023
Closing ceremony for FCL for Govern: Security Policies team.
Pre-recording: https://youtu.be/ZpOxrCIPguY
Incident: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/8159
RCA: https://gitlab.com/gitlab-org/gitlab/-/issues/387556
FCL: https://gitlab.com/gitlab-com/feature-change-locks/-/issues/34
- 3 participants
- 14 minutes
9 Jan 2023
This is a pre-recorded summary of work related to the FCL for the Govern: Security Policies team.
Incident: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/8159
RCA: https://gitlab.com/gitlab-org/gitlab/-/issues/387556
FCL: https://gitlab.com/gitlab-com/feature-change-locks/-/issues/34
- 1 participant
- 13 minutes
21 Sep 2022
This is a recording of the Container Scanning Transition Sync Session meeting, where we discussed the transition of the Container Scanning feature from Govern:Security Policies to Secure:Composition Analysis.
- 3 participants
- 6 minutes
12 Sep 2022
Related to https://gitlab.com/gitlab-org/gitlab/-/issues/372790
This is a short walkthrough of the GitLab Container Scanning analyzer repository for developers, to help transition the source code to the new group.
- 1 participant
- 17 minutes
17 Aug 2022
Related to https://gitlab.com/gitlab-org/gitlab/-/issues/341358
This video presents a demo, recorded in a local environment, of the current progress of the work on Cluster Image Scanning scans enforced by a Security Policy in the connected cluster.
NOTE: This demo presents work that has not yet been merged into GitLab; the behavior or configuration might change during the review process.
- 1 participant
- 4 minutes
20 May 2022
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/362744
Snippet with the script: https://gitlab.com/gitlab-org/gitlab/-/snippets/2328089
- 1 participant
- 8 minutes
18 May 2022
Container Scanning is now available for all GitLab tiers. Get started today!
https://docs.gitlab.com/ee/user/application_security/container_scanning/
- 1 participant
- 1 minute
5 Nov 2021
Documentation: https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/#cluster-image-scanning-with-the-gitlab-kubernetes-agent
Epic (leave your feedback here): https://gitlab.com/groups/gitlab-org/-/epics/3410
- 1 participant
- 10 minutes
6 Sep 2021
In this demo we are adding new scans to Security Policies: Cluster Image Scanning and Container Scanning. This allows us to enforce running Cluster Image Scanning and Container Scanning scans defined in the policy or schedule scans to run periodically.
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/330714
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69253
- 1 participant
- 12 minutes
14 Jul 2021
https://docs.google.com/document/d/1qCwZfoo1A-FihE2ifzd4ZT_Mpz-xFzZvAPJ7pJvWCEY (internal document)
- 5 participants
- 40 minutes
12 Jul 2021
In this video, I'm trying to reproduce the bug: https://gitlab.com/gitlab-org/gitlab/-/issues/296219 where the remediations created have fixes grouped for multiple vulnerabilities, whereas the bug states that the fixes are not grouped.
- 1 participant
- 2 minutes
9 Jul 2021
Demo of new feature introduced in GitLab 14.1.
More information: https://gitlab.com/groups/gitlab-org/-/epics/3410
Documentation: https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/index.html
- 1 participant
- 10 minutes
9 Apr 2021
Short-term Compliance Epic: https://gitlab.com/groups/gitlab-org/-/epics/3156
Short-term Security Orchestration Epic: https://gitlab.com/groups/gitlab-org/-/epics/4598
Long-term Shared Vision Prototype: https://gitlab-org-threat-management-defend-demos-policy-mock.34.83.185.53.nip.io/group_create.html#
Feedback Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/326520
- 2 participants
- 11 minutes
12 Feb 2021
- 2 participants
- 55 minutes
8 Feb 2021
Cluster integration & Cluster management apps (aka. GMA v2) walkthrough:
- https://www.youtube.com/watch?v=mKm-jkranEk
Cilium and Ingress (through GMA v2) installation walkthrough:
- https://www.youtube.com/watch?v=pgUEdhdhoUI
Cilium&Ingress in your local dev environment:
- https://www.youtube.com/watch?v=R2O2Y8_MrQ8
Gitlab k8s agent docs:
- https://docs.gitlab.com/ee/user/clusters/agent/
- 1 participant
- 20 minutes
5 Feb 2021
In this video we go through some spikes related to Security Orchestration Policy and present the current state of the work and a general idea of how this could be implemented on the backend side.
This part of the video shows changes made in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52661/diffs?commit_id=e3cab09feb477f68688ee28db81592886e168053
- 1 participant
- 4 minutes
5 Feb 2021
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/299137
Also available with transcript at https://gitlab.zoom.us/rec/play/e6XlY_mvoNFM3-aVtQWKoBcOv0NxyFOb7xYoKhdCfux5k5SjcGoXt6h6jVXabHttlveRY2nfnfRPLrJT.3ajg5AU2IJ2Gyolo?continueMode=true&_x_zm_rtaid=E5s8gXsPRPeiXVHqA7sTrg.1612486799070.3410145e0576a7b55a3267f35dd3558d&_x_zm_rhtaid=344 (internal link)
- 4 participants
- 36 minutes
2 Feb 2021
For the "happy path" video, see https://www.youtube.com/watch?v=R2O2Y8_MrQ8
Documentation used:
- https://docs.gitlab.com/ee/user/clusters/applications.html#install-cilium-using-gitlab-cicd
- https://docs.gitlab.com/ee/user/clusters/management_project.html#usage
- https://docs.gitlab.com/ee/user/application_security/threat_monitoring/#container-network-policy
- 3 participants
- 34 minutes
1 Feb 2021
Gitlab GDK:
- https://gitlab.com/gitlab-org/gitlab-development-kit#gitlab-development-kit-gdk
Minikube setup:
- Dev onboarding: https://gitlab.com/gitlab-org/threat-management/onboarding/-/blob/master/.gitlab/issue_templates/ContainerSecurity-TechnicalOnboarding.md#minikube-and-local-registry-on-macos
- Cilium related info: https://docs.cilium.io/en/v1.8/gettingstarted/minikube/#getting-started-using-minikube
- Minikube official docs: https://minikube.sigs.k8s.io/docs/start/
Adding existing cluster to GitLab:
- https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html#existing-kubernetes-cluster
Creating cluster management (GMA v2) project:
- https://docs.gitlab.com/ee/user/clusters/applications.html#usage
Assigning a cluster management project to a cluster:
- https://docs.gitlab.com/ee/user/clusters/management_project.html
Install Cilium and Ingress through GMA v2:
- https://docs.gitlab.com/ee/user/clusters/applications.html#install-cilium-using-gitlab-cicd
- https://docs.gitlab.com/ee/user/clusters/applications.html#install-ingress-using-gitlab-cicd
Managing CiliumNetworkPolicies through Threat Monitoring:
- https://docs.gitlab.com/ee/user/application_security/threat_monitoring/
Environmental variables:
- https://docs.gitlab.com/ee/user/project/clusters/#deployment-variables
- 1 participant
- 26 minutes
27 Jan 2021
In this video we explain the idea of keeping Security Orchestration Policies as a repository of YAML files, instead of the other idea of storing them in the database.
You can read more about that idea here: https://gitlab.com/groups/gitlab-org/-/epics/4598 and the code that was presented during this video is available here: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52661
- 1 participant
- 13 minutes
14 Jan 2021
In this video we go through 2 spikes related to Security Orchestration Policy: https://gitlab.com/gitlab-org/gitlab/-/issues/280314 and https://gitlab.com/gitlab-org/gitlab/-/issues/280314, and present the current state of the work and a general idea of how this could be implemented on the backend side.
- 1 participant
- 8 minutes
12 Jan 2021
DAST Project-level Scan Execution Policies (https://gitlab.com/groups/gitlab-org/-/epics/4598)
Spike: How to add a job that doesn't exist in .gitlab-ci.yml to a pipeline (https://gitlab.com/gitlab-org/gitlab/-/issues/280315)
Spike: How to run a scheduled pipeline with one security job (https://gitlab.com/gitlab-org/gitlab/-/issues/280314)
Spike: How can we fail a pipeline depending on conditions set in Scan Result Policy (https://gitlab.com/gitlab-org/gitlab/-/issues/280313)
Spike: How Gitlab configuration inheritance works (https://gitlab.com/gitlab-org/gitlab/-/issues/282420)
- 2 participants
- 25 minutes
21 Oct 2020
A walkthrough of the pages and code related to container security, and how to test it both locally and in production.
- 2 participants
- 25 minutes
15 Oct 2020
- 1 participant
- 10 minutes
24 Sep 2020
Demo prepared as a part of the proposed solution for https://gitlab.com/gitlab-org/gitlab/-/issues/216983.
In this video we present how to build an Active Response engine with a simple Go application and Falco that can run scripts using, e.g., kubectl, curl, or any other bash commands.
- 1 participant
- 6 minutes
16 Jul 2020
GitLab provides Cilium as a managed application, enabling you to work with Network Policies. Network policies in Kubernetes detect and block unauthorized network traffic between pods and to/from the Internet.
This video shows Network Policies in action and how you can install Cilium as a GitLab managed application.
Follow @awkwardferny and @gitlab on twitter. 🐦
Installing Cilium as a Gitlab managed application: https://docs.gitlab.com/ee/user/clusters/applications.html#install-cilium-using-gitlab-cicd
RoadMap for Container Network Security: https://about.gitlab.com/direction/defend/container_network_security/
Network Policy Rules: https://kubernetes.io/docs/concepts/services-networking/network-policies/
Get in touch with Sales: http://bit.ly/2IygR7z
- 1 participant
- 4 minutes
15 Jul 2020
This is the kickoff for the GitLab Container Security group for the 13.3 release.
Container Security priorities issue: https://gitlab.com/gitlab-org/gitlab/-/issues/222791
Create/edit/delete policies epic: https://gitlab.com/groups/gitlab-org/-/epics/3403
- 1 participant
- 3 minutes
8 Jul 2020
Design review for alerts MVC (threat monitoring): https://gitlab.com/groups/gitlab-org/-/epics/3438
- 1 participant
- 6 minutes
25 Jun 2020
How to associate a management project with your K8S cluster
Documentation: https://docs.gitlab.com/ee/user/clusters/management_project.html
- 1 participant
- 2 minutes
24 Jun 2020
Link to the documentation: https://docs.gitlab.com/ee/user/clusters/applications.html#install-apparmor-using-gitlab-cicd
- 1 participant
- 5 minutes
24 Jun 2020
Documentation: https://docs.gitlab.com/ee/topics/web_application_firewall/
This video demonstrates how to install the Web Application Firewall in logging and blocking modes.
Previous video in the series: https://youtu.be/IN-XGE1X8Mo
OWASP Core Rule Set:
- https://coreruleset.org/
- https://github.com/coreruleset/coreruleset/
- 1 participant
- 2 minutes
18 Jun 2020
Documentation: https://docs.gitlab.com/ee/topics/web_application_firewall/quick_start_guide.html
All container security features in GitLab require Kubernetes. This video shows how to quickly create a Kubernetes cluster using the WAF Quickstart guide.
- 1 participant
- 2 minutes
4 Feb 2020
This is a demo of the new Container Network Security feature available in GitLab 12.8. The feature embeds Cilium to allow users to write NetworkPolicy rules that can restrict traffic between Kubernetes pods in a GitLab managed deployment.
- 2 participants
- 8 minutes
12 May 2013
When your bathroom sink does not drain well, quite often it's because your pop-up stopper is plugged with debris. In a previous video I showed you how to clean out a typical pop-up stopper found in 95% of the sinks. You can see that video here: http://youtu.be/rSwJpHy4LOQ
But American Standard sinks have a new type of "Speed Connect Drains", with a Cable Connector that controls the pop-up. This video will show you how these types of pop-up drain stoppers work.
- 2 participants
- 10 minutes