►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
All
right,
the
goal
here
is
to
see
what
happens
when
projects
don't
have
any
CI,
that's
defined
at
least
no
gitlab
CI.
So
maybe
it's
using
some
external
rankings
CI,
but
without
the
gitlab
integration,
and
for
this
demo
I'm
going
to
try
with
a
new
project
so
I'm
going
to
create
a
project
with
a
template,
and
this
demonstrates
that
okay,
newly
created
projects
still
benefit
from
from
security
politics
and
and
amongst
policies,
the
the
execution
policies
that
enforce
new
scans.
A
A
A
A
Great
now,
let's
go
to
the
math
request
and
again
I've
set
up
nothing
here,
only
coding
inside
the
new
project,
and
you
see
that
the
pipeline
has
triggered
actually
two
have
to
get
one,
the
first
one
when
I
created
the
pipeline
and
the
second
one
when
I
first
pushed
code
and
let's
look
at
the
pipeline
alright.
So
it
has
a
secret
detection,
job
and
a
static
analysis.
Drug.
A
Right
now
that
it
has
finished,
let's
go
back
to
the
match
request
and
you
can
see
that
all
right,
I'm
going
to
refresh
this
page
just
to
have
everything
clean
and
you
see
the
match.
Request
is
blocked
because
we
have.
We
need
an
approval
because
we
detected
vulnerability
right.
You
have
access
token,
that's
in
the
code,
which
is
a
critical
vulnerability.
A
Now,
how
does
the
setup
of
this
work?
Well,
if
I
go
to
policies,
I
see
that
this
project
does
have
some
policy
in
place
and
they're
actually
inherited
from
the
parent
group.
So
what
happens
is
when
you,
when
you
configure
scans
on
a
group
level,
so,
for
instance,
on
this
group,
then
they
they
get
cascaded
to
all
the
subgroups
and
projects
inside
it,
including
newly
created
groups,
and
now,
let's
look
at
the
policies
we
have
and
we
have
some
periodic
scans
in
order
to
to
scan
a
projects
that
are
not
developed
anymore.
A
A
We
also
want
to
scan
on
all
branches,
meaning
on
all
push
pushes
to
to
all
branches.
This
could
also
be
set
up
to.
Let's
have
a
look.
This
could
also
be
set
up
to
trigger
every
time
a
well.
Every
time
code
is
pushed
to
protection,
branches,
default
branches
or
I
could
even
specify
which
protected
brain
fees
I
wouldn't
want
to
to
to
to
previously
I
could
I
could
figure
main
I
could
figure
out,
develop
Etc
and
they
could
use
volca
wildcards
for
this
and
finally
approval
rules,
which
requires
the
approval
that
we
saw
earlier
right.