From YouTube: Group Conversation March 8 2021 - Security Awards update
Description
Security Awards Program update by Philippe Lafoucrière, Distinguished Security Engineer. The leaderboards are now updated automatically via the project pipeline.
A
Hi, this is Philippe, I'm a Distinguished Security Engineer at GitLab, and today we're going to talk about the security awareness program. So the security awareness program is a program that we just launched in the last quarter, and the goal of this program is to incentivize security initiatives from GitLab members and the community to solve as many security-related problems as possible.
A
Everyone is entitled to participate. Actually, there's nothing to do. The security department is going to nominate people directly using some labels, and we have what we call the conceal issue, where we're going to vote for the best initiatives every week, and the number of votes is going to determine the number of points that we're going to give away to the participants. And at the end of the quarter, the winners will be entitled to receive some nice prizes. We also have a yearly contest that just started this year.
A
So how does it work? We're using these labels on various issues and merge requests, actually, to nominate someone. The security department has to use these labels on logic, question issues in the gitlab org and gitlab.com namespaces.
A
So in this case we have one nomination for this week. Every nomination will be in the form of a discussion, of a thread in the issue. You are going to count the number of votes from the AppSec team.
A
We are also sending some congratulations message here from the GitLab bot, so all of this is done within this small CLI program. We don't have any service running as of today. It's only a CLI running in the pipeline. And to give you an idea of how it works, this is the typical pipeline: we're building the wall, a program or building a Docker image, and we're using this Docker image to generate the leaderboards.
A
The prizes page, validate the data and everything. But also the data is stored within the repository directory in a flat YAML file, and this YAML file is updated directly by the pipeline. So when we close an issue, it's going to update the dot awards.cml file here in the data folder. You can see here the difference: we are nominating and awarding. Stephen Bronze was nominated by Victor de Souza, and we are generating this entry, and this entry is going to generate a merge request.
A
So this merge request here is exactly what we've seen here. We are in the category development. We have four different categories in this program: we have development, engineering, non-engineering and community. And so this merge request is requiring the approval of someone in the AppSec leadership group that we have here: Lawrence Hita and James and myself.
A
So all the data that is going into this repository is always approved and reviewed by ourselves, and we can track all the changes on these files. And so as soon as we update this file, it's going to generate another pipeline, because we're merging that into master of course, and from here we have another pipeline running. And at the end of the pipeline, we have this updating book job that is generating a new leaderboard, and in the handbook it's going to update the ranking of the participants.
A
So here we can see the introduction of Steve Abrams' nomination, with the 300 points that we've seen, because there were three votes. And so this job is going in turn to generate a merge request in the handbook by the GitLab bot, which is pretty sweet, straightforward. It's going to update the markdown page. It's a very simple way to display the ranking, and so the markdown page is displayed as this in the handbook directly. There's nothing really fancy with that.
A
It's a very, very boring solution, but it's working, and we have the handbook updated directly every week. We don't have anything to do. So that's new, that's a great update, and I'm particularly proud of that.