►
From YouTube: Sec Section PM : Field Sync August 2023
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Foreign,
this
is
the
Cs
and
PM
monthly
and
it
is
August
14th
and
we
are
going
to
chat
a
little
bit
about
the
updates
that
we
have
from
a
product
the
product
side.
So
the
group
level
group
and
subgroup
level
dependency
list
we've
released
this
behind
a
feature
flag
in
16,
2
and
16
3.
This
will
be
available
by
default.
A
It
is
the
it
is
the
MVC
and
we
have
future
iterations
coming.
That
will
include
things
like
filtering
and
searching,
but
we
will
have
this
available
by
default
in
16-3
and
then
also
in
16-3,
explain
this
vulnerability
will
be
in
beta.
A
So
we
have
made
some
enhancements
since
that
experiment,
both
from
an
infrastructure
standpoint,
a
security
standpoint,
but
what
customers
will
be
seeing
is
they'll
be
able
to
see
a
preview
of
their
prompt
we've
added
in
some
quick
Security
checks,
just
to
make
sure
that
no
secrets
are
included
in
the
prompt
that
include
part
of
the
code
and
users
can
also
select
if
they
want
to
exclude
the
code
from
The
Prompt,
but
still
use
that
AI
feature.
A
B
Yeah,
so
some
of
these
are
starting
to
roll
out
already,
but
in
16
3,
we're
working
to
add
some
additional
filters,
including
the
age
filter
and
also
the
attribute
filter.
The
attribute
support
filtering
out
things
like
vulnerabilities
that
do
not
have
a
fix
available,
so
you
can
exclude
those
from
your
approval
criteria,
also
using
age.
You
can
create
policies
with
like
pre-existing
for
pre-existing
vulnerabilities
to
require
developers
to
fix
those
after
a
certain
period
of
time.
B
B
and
then
just
improvements
to
the
scan
result.
Policy,
approval,
accuracy,
double
check
yeah.
So
in
the
past
we
were
only
looking
at
the
latest
Pipeline
and
that
caused
problems
for
certain
scenarios
where
customers
were
using
merge,
request
pipelines
and
they
had
some
scans
in
merge,
request
pipelines.
But
then
you
also
have
regular
push
pipelines.
B
You
could
also
even
have
scheduled
pipelines,
and
so
this
New
Logic
helps
account
for
those
cases
better
by
instead
looking
at
the
latest
pipeline
for
each
type
of
Pipeline,
and
then
it
pulls
the
latest
security
report
across
all
of
those
for
each
type
of
scan.
So
that
way,
if
you're
running
desk
scans
in
a
scheduled
pipeline,
job
and
secret
detection
in
another-
and
you
know
it's
going
to
pull
those
reports
from
all
those
different
types
and
then
e-bot
users
will
be
created
in
projects.
B
So
in
the
past
we
were
using
the
user
identity
of
the
person
who
created
the
first
security
policy,
essentially
to
execute
the
scan
execution
jobs.
The
problem
is:
if
that
person
ever
leaves
the
company,
then
those
jobs
would
stop
running
and
so
we're
switching
that
over
to
just
use
a
bot
user
so
that
it's
more
reliable
and
you
don't
have
to
worry
about
who's,
setting
it
up
to
be
confident
that
those
will
run
and
then
F.
This
one
is
for
dast,
so
we
have
our
on-demand
scans.
B
In
the
past,
there's
been
no
way
to
choose
what
type
of
Runner
is
used
to
execute
those
Dash
jobs.
So
we
added
a
new
drop
down
and
a
new
Option
into
those
Dash
profiles
to
let
you
select
what
Runner
tags
you
want
to
choose
it's
optional.
Obviously
you
don't
have
to
put
that
in,
but
if
you
want
to
choose
which
Runners
execute
those
on-demand
death
jobs,
you
can
do
that
now.
C
Sure
so
we're
adding
Java
v21
support,
which
is
the
latest
LTS
version
for
dependency
and
licensed
scanning.
A
B
A
A
Search
is
coming
in
like
future
versions,
we're
also
adding
the
enhanced
searching
capability,
the
vulnerability
report
and
we're
looking
at
it
across
vulnerability
report
dependency
lists
and
at
the
project
and
group
level,
but
yeah
having
that
ability
to
search
will
eventually
come.
It's
not
coming
in
like
immediately
succeeding
iterations,
but
it
should.
It
is
on
the
roadmap
for
this
year.