►
From YouTube: Sec Section PM / Field sync - December 2022
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
Everyone
for
joining
us-
this
is
the
monthly
secure
and
govern
product.
Sync,
with
our
some
of
our
field
team
looks
like
we've
got
a
good
read
only
in
there.
We
have
some
strategy
reviews
that
are
going
to
be
I.
Guess
we've
already
done
the
Govern
pre-record
and
we've
had
the
deck
as
well.
Secure
is
happening
later
today.
There's
the
slides
if
you'd
like
to
take
a
look,
definitely
worth
seeing
recap
of
everything.
Both
teams
have
done
over
the
last
six
months
of
what
we've
got
coming
up
in
the
next
six
months
and
then
Sam.
C
Yeah
I
just
want
to
signal
boost
two
big
changes
that
we've
got
coming.
These
are
gonna.
You
know
impact
your
customers
in
the
form
of
deprecations.
C
We
try
to
not
deprecate
things
until
we
have
a
replacement
available,
so
we
have
not
officially
announced
these
as
deprecations
yet,
but
I
wanted
to
give
all
of
you
just
a
heads
up
on
what
our
plans
are.
What
we
have
coming
I
know
some
of
us
we've
talked
about
in
the
past,
but
this
is
going
to
impact
all
of
your
customers.
So
the
first
one
is
we
plan
on
deprecating
the
license
compliance
scanning
job
in
1510.
If
we
can
do
it
earlier,
we
will
in
15
9,
but
in
1510
at
the
latest.
C
Basically,
what
this
means
is
that
users
will
still
be
able
to
do
license
scanning,
but
they
will
need
to
run
the
container
and
dependency
scanning
jobs,
so
we're
just
consolidating
our
analyzers
here.
Dependency
and
container
scanning
are
going
to
be
able
to
do
both
vulnerability
and
license
compliance
essentially.
But
if
you
have
a
customer
who
was
running
just
license
compliance
and
not
dependency
scanning,
it
will
stop
working
potentially
come
16.0,
so
they
will
need
to
to
switch
over
remnants
instead.
The
second
one
is
very
similar
to
how
we
deprecated
and
removed
vulnerability
check
in
15.io.
C
We
are
planning
the
same
for
license
check
here
in
16.0,
so
we're
actively
working
on
building
out
license
approval
policies.
These
will
show
up
in
the
security
and
compliance
policy,
edit
area
and
again,
we
hope
to
have
that
functionality
available
no
later
than
1510,
so
that
we
can
deprecate
license
check
and
customers
can
move
over
and
then
we
can
remove
it.
In
16.
C
we
tried
to
do
like
an
auto
migration
thing
in
15.0
for
vulnerability
check
that
auto
migration
did
not
work
and
and
was
not
successful,
and
we
got
a
lot
of
feedback
from
customers
who
did
not
want
us
to
automatically
open,
merge
requests
into
their
security
policy
projects
for
them.
So
we
will
not
be
attempting
to
Auto
migrate
and
instead
we
will
rely
on
the
customers
to
create.
You
know
basically
do
their
own
migration
between
the
1510
and
16.0
releases.
A
A
We
won't
be
switching
the
default
desk
in
here.
It
will
still
be
the
the
Legacy
scanner
that
uses
zap
in
the
Das
template,
but
in
the
dast
dash
latest
template
we
will
be
switching
it
to
be
the
browser-based
scanner,
and
so
what
this
really
means
is
that
the
spider,
the
auth
service
and
the
passive
vulnerability
checks
are
GA
and
will
be
run
using
the
browser-based
scanner.
A
The
active
vulnerability
checks
right
now
will
be
still
using
the
the
Legacy
desk
scanner
or
analyzer
with
zap
and
those
as
we
finish
each
one
of
those
they'll
be
released
to
the
browser-based
analyzer
and
they
will
be
run
in
the
browser-based
side
of
things
rather
than
the
zap
analyzer,
the
proxy
based
analyzer,
so
that
yeah
that's
happening
in
15
7
and
we'll
keep
working
on
improvements
to
that
and
the
active
checks
in
the
upcoming
milestones.
B
All
right
do
we
have
any
other
product
related
questions
before
we
cut
over
to
the
private
recording
section.
D
One
question
I
do
have
about
browser-based
that
scanning
Derek
is
with
regards
to
those
customers
that
run
dast
offline.
There
has
been
some
concern
with
regards
to
certificate
and
certificate
authorization.
Type
models
are
those
inclusive
in
the
browser-based
test,
or
is
that
a
later
feature
that
you're
planning.
A
So
there's
a
couple
of
things
around
that
one
would
be
if
they're
worried
about
things
like
Mutual
TLS.
That
is
definitely
something
that's
being
included
in
browser-based
stats.
If
they're
worried
about
like
certificate
errors,
because
it's
an
internal
system
that
maybe
they
don't
have
a
CA
set
up
or
something
that
you'd
get
an
error
whenever
you
try
to
access
that,
we're
actively
ignoring
any
certain
errors
right
now,
because
we
know
that
these
are
going
to
be
internal
systems,
we
actually,
you
know,
tell
people
not
to
use
them
on
their
production
systems.
A
That
would
give
you
the
the
the
real
cert
so
we're
ignoring
any
cert
errors
for
now,
simply
because
we
know
that
it's
going
to
be
an
internal
system.