►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hey
welcome
back
to
another
update
of
ai
assist,
so
first
up,
I
wanted
to
quickly
mention
a
way
to
get
notified
about
any
of
the
updates.
A
A
Other
sdgs
are
doing
the
same
thing,
so
that's
a
great
way
to
stay,
updated
so
on
to
what
I
want
to
discuss
as
an
update.
So
I've
done
quite
a
bit
of
research
on
vulnerabilities
and
where
they
originate,
and
I
try
to
encapsulate
that
well
to
be
more
specific
vulnerabilities
in
docker
files
or
images,
and
I
wanted
to
create
something
that
is
capable
of
finding
vulnerabilities
in
the
dockerfile
before
it's
actually
even
built,
so
preventing
even
building
a
vulnerable
image.
A
A
Others
are
a
bit
more
important
like
running
as
a
as
the
least
privileged
user,
as
well
as
not
passing
in
sensitive,
build
arcs
that
gets
stored
in
the
history,
as
well
as
not
copying
in
sensitive
information,
which
is
dynamic.
So
if
you
do
a
copy
dot,
it
will
actually
look
in
the
context
see
which
files
are
ignored
by
the
docker,
ignore
and
then
copy
that
over
same
for
docker
ignore
files,
it's
actively
being
checked
if
they
are
present.
A
Explanation
but
I
haven't
introduced
a
flag
yet
so
I'm
just
quickly
changing
it
and
running
it
again,
and
if
you
run
it
like
that,
you
actually
get
the
dock
strings
of
the
functions
or
the
rules
they
get
printed
out.
It's
not
super
readable
right
now.
That's
something
that
I
still
want
to
improve.
So
I
want
to
make
this
clickable.
It
should
already
be
clickable,
but
for
some
reason
it
isn't
add
callers,
etc.
A
A
After
that,
I
will
wrap
up
the
analyzer,
so
it's
ready
for
release
and
I
will
also
make
it
available
inside
of
the
pipeline,
so
first
step
would
be
to
just
have
it
available
in
the
pipeline,
so
you
would
just
do
a
dockerfile
analyzer
just
to
scan
your
dockerfile.
If
that
is
okay,
then
we
build
it
and
follow
the
rest
of
your
pipeline.
A
I
also
explored
the
github
api
to
find
dockerfiles,
but
that's
limited
to
projects
only.
So
if
someone
has
an
idea
on
how
to
get
like
10
or
20
000
local
files,
please
let
me
know-
I
probably
will
result
into
just
scraping
it
either
from
github
or
docker
registry
docker
hub
depending
on
if
they
allow
it.
I
know,
github
does
allow
it.
So
that
would
work,
but
if
we
can
just
get
a
bunch
of
docker
files
from
gitlab,
that
would
prefer
that,
because
it
just
saves
a
bunch
of
hassle.