►
From YouTube: Protect:Container Security group discussion 2021-12-14
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Welcome
to
our
weekly
group
meeting
for
container
security.
First
of
all,
we
have
a
couple
demo
items
to
highlight.
A
B
Yeah
sure,
if,
if
you
use
command
up
and
down,
usually
that
takes
you
to
the
bottom
of
the
page
or
the
top
of
the
page,
but
when
I
use
that
on
on
that
report,
it's
now
just
cycling
through
the
tabs.
I
could
show
it
here,
but
oh
my
god,
let's
see
so
I'll
just
show
the
two
things
that
I
noticed
there
I'll
hit
up
daniel
on
slack.
B
So
first
thing
is:
if,
if
so
now
I
want
to
go
to
the
bottom,
or
maybe
I've
been
to
the
bottom,
I
scrolled
and
I'm
gonna
hit
command
up,
and
it's
doing
this
instead.
B
Yeah,
I
don't
know
if
that's
on
purpose-
and
the
other
thing
I
noticed
was
the
I
think,
is
it
the
activity
one
or
how
did
I
reproduce
that
the
set
status?
So
if
I
do
this
yeah
this
is
that
index.
I
think
problem
here.
We
have
yeah
yeah
yeah,
so
I'll
follow
this
up,
but
all
in
all
it
it
looks
great.
It
works
great.
It's
good
to
see
it
yeah.
A
It
looks
like
alexander
finished
the
dependency
list,
modifications
that's
exciting
well
and
I'll,
just
say,
overall,
big,
congratulations
to
the
team.
This
has
been
a
busy
milestone.
I
know
we
had
some
things
that
barely
missed
last
milestone,
but
all
together
we
have,
I
think,
four
release
post
items
from
this
group
going
out
in
this
release
post.
So
that
is
a
big
deal.
You
know.
That's
pretty
tough
for
any
group
to
pull
off.
You
know
four
pretty
major
items
in
one
milestone,
so
congratulations
to
the
team
for
getting
all
of
those
across
the
finish
line.
B
A
A
So
I
did
want
to
talk
about
just
two
items
for
planning
breakdown.
This
first
one
is
a
little
bit
of
a
new
point,
as
I
think
yeah,
and
has
already
done
the
development
work,
but
just
for
the
benefit
of
everyone
else
in
the
group
or
anyone
who's
watching
the
video
we
are
planning
to
allow
language
specific
findings
from
the
container
scanning.
A
Analyzer
we've
gone
back
and
forth
on
this
several
times,
just
due
to
the
duplicates
that
it
potentially
creates,
if
you're
also
running
a
dependency
scanning
job,
but
we're
going
to
default
this
to
off,
but
put
it
behind
a
setting
so
that
you
can
change
a
variable
in
your
ci
and
choose
to
have.
It
also
report
any
language,
specific
findings
that
are
discovered
as
part
of
this
we're
also
just
renaming
one
of
the
variables
we
introduced
this
milestone
to
disable
dependency
list
instead
of
dependency,
scan.
B
That
that
that
number
two
there
has
been
completed,
I
don't
think
we've
released
it,
but
it's
merged
it's
in
master.
It
will
come
out
on
the
next
patch
release.
Okay,.
A
I
wanted
to
put
through
planning
breakdown-
and
my
apologies
for
adding
this
more
last
minute,
but
this
is
allow
users
to
enable
container
scanning
in
the
ui
via
nmr,
and
I
think
we
don't
have
this
100
decided
with
all
of
the
copy
text
and
everything,
but
I
do
think
it's
far
enough
along
that
we
can
put
this
through
planning
breakdown
and
refinement.
A
Essentially,
this
is
just
to
align
this
with
some
of
the
other
scanners
that
are
already
here,
such
as
secret
detection.
That
says
enable
with
merge
request,
so
we
want
to
create
that
same
sort
of
a
button
here
for
container
scanning
and
when
we
do
that,
you
know
this
is
just
an
mvp,
so
it's
not
for
mvc.
A
So
this
is
not.
You
know
complete
solution
with
like
a
configuration
screen
instead,
just
take
them
directly
to
an
open,
merge
request
with
a
prompt
and
some
instructions
to
take
a
look
at
our
documentation
to
make
sure
that
you
customize
it
correctly
and
then
the
actual
merge
request
itself
the
content
down
here,
we're
going
to
let
the
developers
put
in
what
they
believe
that
should
be.
So.
A
This
is
just
you
know,
for
illustrative
purposes,
only
showing
that
you
know
we're
going
to
be
adding
in
the
container
scanning
template,
and
you
know
to
be
determined
if
we
even
need
to
set
any
specific
variables
by
default
for
this
merge
request
and
then
once
it's
enabled
instead
of
saying
enable
with
merge,
request,
just
change
to
link
to
the
configuration
guide,
which
is
our
documentation
page
on
container
scanning.
A
On
that
great
question
yeah,
those
would
all
be
great
future
enhancements
for
this
mvc.
I'm
really
just
looking
at
you
know,
what's
literally
the
minimal
viable
change,
we
already
encourage
them.
In
that
description
we
have
like
a
big
exclamation
mark
saying
you
know
this
may
not
work
go
check
the
documentation,
so
I
would
say
we
probably
should
include
the
build
stage.
You
know
the
assumption
would
be
if
this
is
a
blank
project
and
you
just
click
this
button.
You
know
it
should
work
so
just
assume
all
default
settings.
A
B
And
should
we
include
in
that
case,
if,
if,
if
we're
assuming
or
if
we're
catering
for
blank
configs
another
way
of
doing
that
is
including
the
docker
ammo
and
the
container
scanning
ammo,
and
we
made
sure
that
these
work
together
now
they
didn't
in
the
past
by
the
way.
But
now
they
they
work
together.
That's
okay!
All
right
cool.
A
B
So
we
should
just
put
a
comment,
say
hey.
We
make
an
assumption
that
you
know
this.
This
is
the
assumption
we
make,
maybe
for
the
the
inclusion
of
the
doc
and
say
hey
if
you
already
have
a
job
building
your
image,
you
can
comment
this
line
out
and
apologies
for
the
sewing
outside
this
bit
of
a
home
improvement
happen.
A
B
That's
cool,
I
I.
I
asked
that
in
the
in
the
design-
and
my
recommendation
is,
is
to
just
let
the
engineer
put
something
in
the
refinement
and
we
can
always
cross
check
with
you
and
ux
as
a
final
step.
A
And
this
is
a
big
prerequisite,
because
the
next
item
on
our
list
is
to
move
container
scanning
down
the
core,
and
I
did
want
to
make
sure
that
we
had
an
easy
button
to
turn
it
on
before
we
went
ahead
and
did
that
awesome
so
all
right?
Well,
I
think
that's
it
for
this
week.
Do
you
have
anything
else.