From YouTube: Security Policies enforced in GitLab Agent Demo
Description
Related to https://gitlab.com/gitlab-org/gitlab/-/issues/341358
This video presents a demo, recorded in a local environment, of the current progress of the work on Cluster Image Scanning scans enforced by a Security Policy in the connected cluster.
NOTE: This demo presents work that was not yet merged to GitLab; the behavior or configuration might change during the review process.
A
Hello everyone, my name is mati processing, I'm a backend engineer in the Protect Container Security team in GitLab, and today I would like to talk to you about the progress of one of the issues that we're currently working on. We would like to simplify the configuration of the cluster image scanning and allow users to first scan on Kubernetes resources with security policies.
A
It's still on the review, so we have to wait a little bit to see it in GitLab, but it's closer to the finish line. So I need to work on some tests and soon, I hope, we'll be able to merge it. Okay. So I have a project, CIS test, cluster image scanning test, and I have the agent configured, the GitLab agent, and I have empty configuration.
A
So you've noticed that I don't have any Starboard keyword here. I don't have any cadence set, so currently it is disabled, so I'm not able to run scans in the first scans with the config here. I also have security policies and for CIS and this policy.
A
Policing, okay, so apparently the policy is enforced. Now, let's see in the what's currently working. So what we should see is that we should see the update of the security policies. We should see the new update and the client should get that information and set it, so on agent, we should see already that the new worker should already be working, okay.
A
And we should see, and let's see if it's actually, yeah, it is running, so now we should wait just one minute just to see some scans.
A
Okay, all right. We see that some problems were found and they're created in GitLab. So we see some connection between agent and the server that we are going to create new vulnerabilities in the GitLab. So now, let's jump to vulnerability report. Let's refresh it, we should see more vulnerabilities already, yeah, and we should see here some vulnerabilities that are from nginx 118.
A
So, as you can see, if you have a policy and it's enabled and it's configured for the agent, you are able to enforce the cluster image scanning on your agent, and MR is currently in progress. Soon it will be on review and hopefully in the next milestone you're gonna see it in GitLab. Thank you very much.