►
From YouTube: Incubation Engineering AI Assist - Weekly Demo 5-05-2022
A
So
last
week
I
told
you
about
this
dilemma
that
I
was
having
between
competing
products.
I
tried
to
figure
out
what
the
difference
is.
That's
coming
along
greatly
for
code
quality
and
zest
and
for
intelligent
code
security.
It
seems
to
be
that
it's
at
this
point
basically
the
same,
but
that
team
will
start,
probably
not
for
the
next
six
to
twelve
months
and
ais
can
start
building
a
foundation
for
that.
A
There
was
also
an
engineering
sync
with
it.
Where
I
asked
the
question:
should
it
be
in
the
id
or
on
gitlab.com?
The
answer
was
yes
should
be
on
both
to
reduce
cycle
time,
which
is
great.
That's
also
something
that
I
was
thinking
about,
and
I
wanted
to
further
explore
that.
So
I
wanted
to
start
with
docker
files,
because
well,
docker
containers
are
super
popular.
Almost
every
project
is
using
it
and
it's
an
isolated
environment.
So
it's
perfect
for
detecting
security
vulnerabilities,
so
hydrolint
is
a
super
popular
lender
for
dockerfile.
A
However,
I
looked
at
what
rules
it
has
and
very
little
of
them
are
focused
on
security.
I
came
up
with
two
rules.
Already,
like
copying
sensitive
files
and
exposing
api,
exposing
sensitive
information
via
the
build
arguments,
so
I
figured
I'll
just
add
those
as
rules
to
handle
it.
Atlanta
is
haskell
based,
I
am
not
familiar
with.
Haskell
was
a
very
steep
learning
curve
and
it
was
limiting
me
for
like
two
days.
I
got
95
done,
but
it
just
doesn't
pass
my
the
the
tests.
A
So
I
forget
this
is
gonna,
be
something
that's
gonna
keep
haunting
me.
So
I
need
something:
that's
either
python
or
ruby
based.
So
I
looked
for
existing
parsers,
there
were
two
one
is
from
red
hat.
It
was
incomplete,
but
python
based
and
the
other
is
a
python
wrapper
for
the
docker
docker's
own
parser,
but
that
format
doesn't
seem
to
be
what
I'm
looking
for,
because
I
want
it
to
be
a
data
driven
format
so
that
we
can
actually
use
that
data
for
analysis
and
training,
machine
learning
models.
A
So
I
started
building
my
own
parser,
which
surprisingly,
was
not
that
much
work.
It
was
only
a
day's
worth
of
development
and
I'm
now
going
to
build
an
analyzer
on
top
of
that,
so
we
can
actually
start
to.
We
can,
I
can
start
implementing
rules
as
for
linter,
based
suggestions
at
first
and
start
parsing,
a
bunch
of
docker
files
to
create
a
data
set,
so
the
data
set
can
be
used
to
analysis
and
learning
how
we
can
improve
docker
files.
A
Ideally
by
bringing
the
by
creating
this
linter,
we
should
be
able
to
scan
a
docker
file
before
we
actually
build
on
the
image.
So
we
prevent
resources
being
put
into
building
the
docker
image,
then
scanning
the
consequent
image.
While
we
could
have
already
detected
the
issues
while
it
was
just
a
pure
plain
instruction
in
the
dockerfile,
that
would
also
mean
we
can
scan
before
committing
scan
before
building
in
ci.
A
Hopefully,
we
can
also
looks
like
that.
Implements
can
build
a
scan
images
before
we
push
it
to
the
registry,
prevent
leaking
credentials
and
provide
merge,
requests
to
optimize
them.
A
In
this
case,
the
first
one
starts
at
line
number
one,
it's
a
from
instruction
and
the
details
are
that
the
image
is
python
and
the
version
is
3.7.8
and
this
works
for
all
of
them,
including
comments
which
is
technically
not
an
instruction,
but
I
made
it
an
instruction,
so
we
can
also
parse
those
for
either
actual
comments
or
commented
out
code.
It
also
works
for
multi-line
like
this
one
was
on
multiple
lines
and
it
just
questions
that
fine
as
well.