►
From YouTube: Protect:Container Security group discussion 2021-08-24
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hey
it
worked
zoom.
Let's
co-host
initiate
recordings
all
right.
Welcome
to
our
weekly
group
meeting
for
the
container
security
group.
We've
got
a
full
agenda.
First,
one's
from
alexander
lindsay.
Do
you
mind
voicing
that
one
over
for
us.
B
I
don't
I
just
had
to
find
my
unmute
sorry
about
that.
So
alexander
is
sharing
a
demo
about
the
a
new
ability
to
create
edit
or
delete
scan
execution
policies
on
the
security
and
compliance
policies
page.
So
this
is
now
available
for
your
viewing
and
hopefully
testing
and
staging.
I
had
a
chat
with
him
earlier
today
and
I
asked
if
there's
anything
we
could
do
to
help,
and
you
know
he's
here
now
there
he
is
hi.
Do
you
want
to
speak
for
yourself.
B
C
Yeah,
any
testing
that
you
could
do
would
be
greatly
appreciated,
thiago,
and
I
were
late
to
this
call
just
because
we
were
testing
and
found
an
interesting
edge
case
where
I'll
describe
later,
but
finding
fun
little
things
like
that.
Would
it's
gonna
be
easier
with
more
people
looking
at
it.
So
I
appreciate.
D
Explaining
so
so,
the
the
the
test
project
was
linked
to
a
policy
management
project
that
was
alexander's
own
project.
I
didn't
have
permissions
to
it,
so
I
don't
know
we
can
probably
just
tweak
the
error
messages
to
be
a
bit
clearer
to
say:
hey.
You
need
permissions
to
this
project
here,
because
that
there
was
a
bit
of
work
as
well.
C
Yeah,
we
might
need
to
either
we
can
tweak.
I
mean,
I
think
the
easiest
thing
is
to
do
is
to
tweak
the
error
message
in
the
long
term.
We
should
probably
just
like
how
we're
passing
up
the
permissions
for
whether
a
user
can
even
edit
the
policy
project,
and
then
we
gray
out
to
create
the
merge,
create
merge,
requests
button
if
they
don't
have
access
to
that.
C
E
Yeah,
there's
a
there's:
a
validation
service
that
checks
a
ton
of
different
stuff
when
trying
to
pull
up
the
policy
and
but
I
don't
think
it
checks
permissions
and
that
that
might
have
been
something
that
I
just
forgot
about.
So
I'll
I'll,
take
a
look
at
it
tomorrow
and
try
testing
it
and
see
see
if
I
can
break
it.
C
Oh
yeah
thiago,
if
you
want
to
create
an
issue
outlining
exactly
how
to
break
it
for
ryan
that'd,
be
great.
D
Sure
thing
so
he
he's
recorded
a
video
demo,
it's
in
the
in
the
agenda
for
the
secret
detection
policies.
You
can
now
create
an
execution
policy
for
secret
detection
and
it
works
for
both
schedule,
pipelines
and
regular
pipelines.
So
if
you
create
a
policy
that
executes
that,
when
you
run
a
pipeline,
you
have
a
job
for
that
and
if
you
want
to
do
the
historical
scan,
you
do
the
schedule
one
and
then
it
will
do
a
historical
scan
and
the
video
shows
all
that.
It's
it's
pretty
pretty
cool.
A
Awesome,
yeah
and
zamir-
you
didn't
put
your
items
in
here,
but
I
know
you've
released
a
lot
of
things
in
production
as
well
with
the
vulnerability
check,
so
I've
had
a
lot
of
good
stuff
coming
out
lately.
I
feel,
like
we've,
been
working
for
several
milestones
toward
this
and
we're
we're.
Finally
getting
this
point
of
releasing
a
lot
of
it.
So.
E
F
F
Yeah
I
was
hoping
to
put
together
something
as
long
as
I
as
soon
as
I
finished
the
last
issue,
but
I
need
to
wait
a
little
bit
more
before
I
can
do
the
implementation.
A
So
for
planning
breakdown
today
I
wanted
to
talk
about
adding
support
for
sassed
skin
execution
policies.
Are
there
any
questions
on
that
one?
Do
we
need
to
do
a
quick
walkthrough
of
it?
Did
everyone
here
have
a
chance
to
take
a
quick
look
at
that
before
the
call.
D
I
forgot
to
mark
it
with
a
carrot,
but
I
did
look
into
it
and,
and
I've
asked
my
questions,
I
don't
think
I
have
any
any
more
questions
for
planning
breakdown
just
want
to
hear
what
alexander
and
the
other
engineers
have
to
say.
Okay,.
A
A
There
isn't
such
a
thing
right
now
as
a
sas
profile,
so
at
least
right
now
we're
just
adding
support
for
that
one
specific
variable,
which
is
probably
one
of
the
easier
variables
to
add,
support
for
and
one
of
the
most
useful,
so
we're
trying
to
capture
the
low
hanging
fruit
there.
That's
probably
the
most
complex
thing
out
of
all
of
it.
Otherwise
it
should
be
really
similar
to
what
we
did
for
secret
detection.
A
C
Ooh,
that's
great
point.
I
will
need
to
add
that
it
will
be
very
minimal
amounts
of
work,
and
just
just
so
I
just
be
so.
I
understand
make
sure
I
understand
fully.
C
Basically,
the
scan
will
look,
as
you
mentioned,
it's
very
similar
to
secret
detection.
So
I'm
looking
at
the
docs
here
for
the
scan
policies
here
is
what
a
scam
for
secret
detection
look
like
looks
like
but
you're
saying
instead
of
secret
detection.
Here,
it's
going
to
say
sas
analyzers,
just
sassed
yep
sas.
A
C
D
Nope,
I
haven't
picked
a
a
dri
for
back
end
if
any
brian,
if
you
wanna,
if
you
want
it
otherwise
I'll,
ask
tashi
or
or
machi,
we'll,
have
a
look
we'll
take
it
offline.
Okay,
I.
E
B
This
came
up
a
few
weeks
ago,
it's
just
around
scheduling,
and
I
know
that
it's
kind
of
late
for
folks,
I
think
for
brian
it's
after
five
and
zamir,
it
looks
like
it's
dark
wherever
you
are
just
a
suggestion
to
see.
If
we
wanted
to
move
this
forward
by
an
hour,
because
I
know
thiago
wakes
up
with
the
sun,
it's
only.
B
A
B
B
B
This
makes
everything
so
clear
to
me,
so
I
mean
everything
is
sort
of
east
leaning.
If
we
wanted
to
move
this
forward
an
hour,
I
just
wanted
to
suggest
it
if
it
was
easier
for
folks.
That's
all.
E
Yeah
the
the
3
p.m.
Time
would
be
a
lot
better.
For
me,
this
is
this
is
like
I'm
trying
to
I'm
trying
to
mentally
configure
the
time
zone
in
my
head,
like
it's
an
hour
and
a
half
earlier
right.
B
E
Okay,
yeah
that
that
time
would
be
better
for
me,
because,
right
now
it
is
at
five
o'clock
my
time
and
I'm
usually
done
working
by
then.
D
A
And
I
believe
it
earlier,
I
know
sometimes
alan
works,
you
know
non-standard
hours,
so
he
ends
up
working
really
late.
His
time.
A
D
B
I'm
just
a
reminder
that
all
meetings
are
optional.
I
figured
we've
just
had
this
one
on
the
calendar
for
long
enough
that
we
should
revisit
and
make
sure
that
it's
as
easy
as
possible
for
everyone,
sam
and
tiago.
I
think
you
guys
have
a
one-on-one
scheduled
right
before
this.
Would
you
be
willing
to
to
move
it
around
or
switch
it
if
we
pull
this
back
by
an
hour
or
forward
by
an
hour
I
mean.
F
C
F
E
E
I
think
I
think
we
have
a
link
to
that
page
in
our
second
channel
right
that
can,
in
the
topic
of
something
in
the
description.
E
A
B
Yeah,
I
just
updated
the
protect
calendar,
so
any
anyone
who
has
themselves
as
an
invitee
should
get
an
update
and
if
you're
looking
at
the
calendar,
it
should
show
one
hour
earlier,
starting,
I
probably
just
updated
today.
I
just
updated
today's
instance
too.
So,
starting
today,
that'll
be
confusing.
A
All
right
so
then
our
last
item
zamir
brought
something
up
and
I
think
we've
mostly
handled
it
at
this
point,
but
parts
of
the
conversation
I
felt
like
would
be
useful
just
to
touch
on
in
this
group.
Discussion.
F
Yeah
for
sure,
so
I'm
gonna
work
in
this
new
scan
security
policy
not
scan
but
security
policy.
That's
related
to
the
mr
approvals,
and
what
happens
is
that
it
forced
me
to
go
through
all
that.
We
have
done
for
this
policy
page
and
just
evaluate
where
we
are
at
and
why
the
things
are
as
they
they
are.
So
then.
The
first
thing
that
came
out
was
that
I
was
surprised
that
I
was
not
surprised.
F
I
was
considering
what
was
the
reason
that
we
had
the
eml
eml
modes
and
the
ui
mode,
and
the
reason
was
because
the
network
policies,
as
we
had
the
serial
network
policies
it's
by
default,
a
ml
mode.
So
then
we
just
try
to
make
it
familiar
and
easier
for
people
that
are
working
with
the
network
policies
you
just
copy
and
paste
and
enemies
to
support
that
thing.
So
then,
right
now
I'm
working
something
we
are
getting
a
feature
from
the
that's
right
now.
F
F
The
way
that
you
store
the
information
and
also
the
way
that
you
compare
this
information
with
the
merger
request
rules,
and
then
I
start
this
conversation
with
sam
through
the
issue
and
also
in
the
agenda
here
and
then
I
think
the
if
we
could
summarize
everything
like
there
is
a
big
thing:
there's
a
big
split
in
the
users
base
in
terms
of
preference
in
terms
of
the
eml
mode
and
the
ui
mode,
and
also
there
is
a
already
existing
structure,
handling
the
project.
Eml
data
that
we
built
for
the
scan.
A
That's
it
yeah,
that's
a
great
summary.
I
mean
we
found
that
when
we
first
did
the
testing
and
I've
continued
to
see
that
as
I've
shared,
you
know
the
prototype
that
we've
got
and
talked
about
this
feature
with
customers.
It's
almost
like
a
mac
versus
windows.
Thing
is
the
analogy
I
shared
with
samir.
Everyone
has
a
very,
very
strong
opinion
and
they're,
either
on
one
side
of
the
fence
or
the
other
where
they
say
you
know
I
love
what
you
have
here.
A
I
would
never
touch
that
yaml
mode
thing,
I'm
only
going
to
use
the
rule
mode.
You
know
that
makes
sense
to
me
or
they'll,
say
the
exact
opposite.
It's
very
polarizing
right
where
they
say
you
know.
This
is
great.
I
would
use
the
rule
mode
only
as
long
as
I
had
to
to
figure
it
out
and
then
I
would
never
touch
it
again.
I
only
work
in
yaml
I
want
to
live
in.
Yaml
like
security
is
code,
makes
perfect
sense
to
me,
and
so
it's
just
really
interesting
to
see
those
opinions.
A
But
you
know,
of
course,
as
we're
rolling
this
out
for
a
first
mvc.
You
know
we
don't
have
support
for
both
of
those
modes
all
the
time.
A
At
least
we
don't
right
now
for
scan
execution
policies,
but
by
making
that
choice,
you
know
we're
alienating
about
half
of
our
customer
base,
because
we
don't
have
that
other
mode
available.
So
that's
why
we
want
to
take
that
time
to
come
back
in
and
support
both
modes
in
the
long
run
is
because
there
are
such
strong
opinions
about
it.
It
would
be
different
if
it
was,
you
know,
90
preferred
one
or
if
it
wasn't,
as
strongly
held
with
an
opinion.
D
Yeah,
I
have
a
feeling
we
will
have
more
discussions
around
this
topic,
especially
zamid
raised
the
his
second
point.
There
is
pretty
good
about
calls
to
italy
that
was
already
raised
by
maintainers
when
we
first
implemented
it,
and
we
had
to
put
a
limitation
on
on
how
we
changed
the
the
format
of
the
files,
so
you
wouldn't
search
for
files.
We
just
go
to
one
file,
so
you
can
only
pick
one
name
and
the
amount
of
calls
you
make
to
that
it
can.
It
can
be
slow
as
well
and
we
could
always.
D
F
Go
ahead,
one
of
the
things
about
that
is
that
we
have
everything
on
the
project
level
now
and
basically
we
have
the
relationship
between
the
project
and
the
security
project.
As
as
we
go
forward
moving
to
the
group
level,
then
this
relationship
wouldn't
be
too
crazy.
If
we
have
everything
in
the
db,
then
migrating
this
to
the
group
group
level,
it
would
be
way
more
complicated.
A
Yeah,
that's
a
great
point
as
well.
In
fact,
you
know
we
just
did
the
planning
breakdown
for
supporting
sask
policies,
but
our
very
next
priority
in
that
list
is
moving
this
to
the
group
into
the
workspace
level.
So
that's
coming
up
really
fast.
You
know.
That's
the
next
thing
that
we're
going
to
start
preparing
for
development
and
yeah,
it's
nice
to
have
that
flexibility
with
the
design
that
we
have
now.