30 Aug 2023
Demo of the new keyless signing integration with GitLab, available now on GitLab.com.
- Release post: https://about.gitlab.com/releases/2023/07/22/gitlab-16-2-released/#support-for-keyless-signing-with-cosign
- Code used in this video: https://gitlab.com/bwill/container-signing/-/tree/aeb9ba494f2b5fb761c91ca53a221295eaf79ef3
- Cosign project: https://github.com/sigstore/cosign
- Sigstore policy controller: https://github.com/sigstore/policy-controller
- 1 participant
- 12 minutes
15 Aug 2023
Monthly group discussion to review the planning issue for the upcoming milestone: https://gitlab.com/gitlab-org/gitlab/-/issues/420162.
- 2 participants
- 12 minutes
24 Jul 2023
Description of the left nav for security findings using a test project against a production instance of GitLab.
- 4 participants
- 23 minutes
5 Jul 2023
A breakdown of the UX enhancements that are coming to the Scan Execution Policy workflow in %16.2.
For more information or feedback, see the epic (https://gitlab.com/groups/gitlab-org/-/epics/8695)
- 1 participant
- 2 minutes
7 Apr 2023
This video describes the latest rewrite of the Security Reports Merge Request Widget.
- 1 participant
- 3 minutes
10 Jan 2023
Closing ceremony for FCL for Govern: Security Policies team.
Pre-recording: https://youtu.be/ZpOxrCIPguY
Incident: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/8159
RCA: https://gitlab.com/gitlab-org/gitlab/-/issues/387556
FCL: https://gitlab.com/gitlab-com/feature-change-locks/-/issues/34
- 3 participants
- 14 minutes
9 Jan 2023
This is a pre-recorded summary of work related to FCL for Govern: Security Policies team.
Incident: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/8159
RCA: https://gitlab.com/gitlab-org/gitlab/-/issues/387556
FCL: https://gitlab.com/gitlab-com/feature-change-locks/-/issues/34
- 1 participant
- 13 minutes
8 Dec 2022
This is a brief overview of the architecture, design and project setup for the External License DB.
Chapters:
0:00 - Architecture Overview
04:10 - Namespace Layout
04:30 - DB Schema
06:17 - Feeder
09:30 - Interfacer
11:00 - Processor
13:20 - Exporter
14:53 - Deployment
16:43 Terraform Environments
18:58 Deployment Jobs
20:00 Documentation & Wrap Up
- 1 participant
- 22 minutes
14 Sep 2022
For any questions or comments feel free to reach out to me:
https://gitlab.com/svedova
https://twitter.com/savasvedova
===============================================
Scripts: https://gitlab.com/gitlab-org/gitlab/-/snippets/2408961
- 2 participants
- 18 minutes
12 Sep 2022
Related to https://gitlab.com/gitlab-org/gitlab/-/issues/372790
This is a short walkthrough of the GitLab Container Scanning analyzer repository for developers to help transition the source code to a new group.
- 1 participant
- 17 minutes
17 Aug 2022
Related to https://gitlab.com/gitlab-org/gitlab/-/issues/341358
This video presents a demo, recorded in a local environment, of the current progress of the work on the Cluster Image Scanning scan enforced by a Security Policy in the connected cluster.
NOTE: This demo presents work that was not yet merged to GitLab; the behavior or configuration might change during the review process.
- 1 participant
- 4 minutes
20 May 2022
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/362744
Snippet with the script: https://gitlab.com/gitlab-org/gitlab/-/snippets/2328089
- 1 participant
- 8 minutes
18 May 2022
Container Scanning is now available for all GitLab tiers. Get started today!
https://docs.gitlab.com/ee/user/application_security/container_scanning/
- 1 participant
- 1 minute
5 Nov 2021
Documentation: https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/#cluster-image-scanning-with-the-gitlab-kubernetes-agent
Epic (leave your feedback here): https://gitlab.com/groups/gitlab-org/-/epics/3410
- 1 participant
- 10 minutes
6 Sep 2021
In this demo we are adding new scans to Security Policies: Cluster Image Scanning and Container Scanning. This allows us to enforce running Cluster Image Scanning and Container Scanning scans defined in the policy or schedule scans to run periodically.
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/330714
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/69253
- 1 participant
- 12 minutes
14 Jul 2021
https://docs.google.com/document/d/1qCwZfoo1A-FihE2ifzd4ZT_Mpz-xFzZvAPJ7pJvWCEY (internal document)
- 5 participants
- 40 minutes
9 Jul 2021
Demo of new feature introduced in GitLab 14.1.
More information: https://gitlab.com/groups/gitlab-org/-/epics/3410
Documentation: https://docs.gitlab.com/ee/user/application_security/cluster_image_scanning/index.html
- 1 participant
- 10 minutes
4 May 2021
Joint Direction for Container Security and Compliance: https://www.youtube.com/watch?v=grg_M1MtiYw&list=PL05JrBw4t0Kq4O8RBlOKi_euwv8NyI8yt&index=3
High Level Direction for Security Approvals: https://www.youtube.com/watch?v=KEAieGVSjGo&list=PL05JrBw4t0Kq4O8RBlOKi_euwv8NyI8yt&index=10
- 2 participants
- 18 minutes
9 Apr 2021
Short-term Compliance Epic: https://gitlab.com/groups/gitlab-org/-/epics/3156
Short-term Security Orchestration Epic: https://gitlab.com/groups/gitlab-org/-/epics/4598
Long-term Shared Vision Prototype: https://gitlab-org-threat-management-defend-demos-policy-mock.34.83.185.53.nip.io/group_create.html#
Feedback Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/326520
- 2 participants
- 11 minutes
1 Mar 2021
PM members from Growth, Secure, and Protect discuss features and upcoming initiatives to identify new opportunities for growth experiments. Keep unlisted as this discusses some forward-looking strategic items that may not be public.
- 7 participants
- 58 minutes
12 Feb 2021
- 2 participants
- 55 minutes
8 Feb 2021
Cluster integration & Cluster management apps (aka. GMA v2) walkthrough:
- https://www.youtube.com/watch?v=mKm-jkranEk
Cilium and Ingress (through GMA v2) installation walkthrough:
- https://www.youtube.com/watch?v=pgUEdhdhoUI
Cilium&Ingress in your local dev environment:
- https://www.youtube.com/watch?v=R2O2Y8_MrQ8
GitLab k8s agent docs:
- https://docs.gitlab.com/ee/user/clusters/agent/
- 1 participant
- 20 minutes
5 Feb 2021
In this video we go through some spikes related to Security Orchestration Policy and present the current state of the work and the general idea of how this could be implemented on the backend side.
This part of the video shows changes made in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52661/diffs?commit_id=e3cab09feb477f68688ee28db81592886e168053
- 1 participant
- 4 minutes
1 Feb 2021
GitLab GDK:
- https://gitlab.com/gitlab-org/gitlab-development-kit#gitlab-development-kit-gdk
Minikube setup:
- Dev onboarding: https://gitlab.com/gitlab-org/threat-management/onboarding/-/blob/master/.gitlab/issue_templates/ContainerSecurity-TechnicalOnboarding.md#minikube-and-local-registry-on-macos
- Cilium related info: https://docs.cilium.io/en/v1.8/gettingstarted/minikube/#getting-started-using-minikube
- Minikube official docs: https://minikube.sigs.k8s.io/docs/start/
Adding existing cluster to GitLab:
- https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html#existing-kubernetes-cluster
Creating cluster management (GMA v2) project:
- https://docs.gitlab.com/ee/user/clusters/applications.html#usage
Assigning a cluster management project to a cluster:
- https://docs.gitlab.com/ee/user/clusters/management_project.html
Install Cilium and Ingress through GMA v2:
- https://docs.gitlab.com/ee/user/clusters/applications.html#install-cilium-using-gitlab-cicd
- https://docs.gitlab.com/ee/user/clusters/applications.html#install-ingress-using-gitlab-cicd
Managing CiliumNetworkPolicies through Threat Monitoring:
- https://docs.gitlab.com/ee/user/application_security/threat_monitoring/
Environmental variables:
- https://docs.gitlab.com/ee/user/project/clusters/#deployment-variables
- 1 participant
- 26 minutes
27 Jan 2021
In this video we explain the idea of keeping Security Orchestration Policies as a repository with YAML files, instead of the other idea of storing them in the database.
You can read more about that idea here: https://gitlab.com/groups/gitlab-org/-/epics/4598 and the code that was presented during this video is available here: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52661
- 1 participant
- 13 minutes
14 Jan 2021
In this video we go through 2 spikes related to Security Orchestration Policy: https://gitlab.com/gitlab-org/gitlab/-/issues/280314 and https://gitlab.com/gitlab-org/gitlab/-/issues/280314, and present the current state of the work and the general idea of how this could be implemented on the backend side.
- 1 participant
- 8 minutes
26 Oct 2020
A brief overview of the goals and focus areas for GitLab's new Protect stage
- 2 participants
- 3 minutes
24 Sep 2020
Demo prepared as a part of the proposed solution for https://gitlab.com/gitlab-org/gitlab/-/issues/216983.
In this video we present how to achieve an Active Response engine with a simple Go application and Falco, which can run scripts that use e.g. kubectl, curl, or any other bash commands.
- 1 participant
- 6 minutes
15 Sep 2020
Thank you for watching this preview of the upcoming Secure & Defend Section Public Livestream on 2020-09-17!
- 3 participants
- 14 minutes
17 Aug 2020
- 1 participant
- 2 minutes
6 Aug 2020
Preview session for the upcoming Secure & Defend Section Group Conversation livestream scheduled for 2020-08-06. Hear updates related to the Secure & Defend stages from David DeSanto, Todd Stadelhofer, and Wayne Haber.
- 3 participants
- 11 minutes
16 Jul 2020
GitLab provides Cilium as a managed application enabling you to work with Network Policies. Network policies in Kubernetes detect and block unauthorized network traffic between pods and to/from the Internet.
This video shows Network Policies in action and how you can install Cilium as a GitLab managed application.
Follow @awkwardferny and @gitlab on twitter. 🐦
Installing Cilium as a GitLab managed application: https://docs.gitlab.com/ee/user/clusters/applications.html#install-cilium-using-gitlab-cicd
RoadMap for Container Network Security: https://about.gitlab.com/direction/defend/container_network_security/
Network Policy Rules: https://kubernetes.io/docs/concepts/services-networking/network-policies/
Get in touch with Sales: http://bit.ly/2IygR7z
- 1 participant
- 4 minutes
8 Jul 2020
Design review for alerts MVC (threat monitoring): https://gitlab.com/groups/gitlab-org/-/epics/3438
- 1 participant
- 6 minutes
2 Jul 2020
Engineers from the Threat Insights group ask Secure engineers about Vulnerability Management related questions.
- 8 participants
- 48 minutes
25 Jun 2020
How to associate a management project with your K8S cluster
Documentation: https://docs.gitlab.com/ee/user/clusters/management_project.html
- 1 participant
- 2 minutes
24 Jun 2020
Link to the documentation: https://docs.gitlab.com/ee/user/clusters/applications.html#install-apparmor-using-gitlab-cicd
- 1 participant
- 5 minutes
24 Jun 2020
Documentation: https://docs.gitlab.com/ee/topics/web_application_firewall/
This video demonstrates how to install the Web Application Firewall in logging and blocking modes.
Previous video in the series: https://youtu.be/IN-XGE1X8Mo
OWASP Core Rule Set:
- https://coreruleset.org/
- https://github.com/coreruleset/coreruleset/
- 1 participant
- 2 minutes
23 Jun 2020
Weekly meeting for the Secure:Threat Insights (previously Defend:Threat Insights) group
- 5 participants
- 28 minutes
18 Jun 2020
Documentation: https://docs.gitlab.com/ee/topics/web_application_firewall/quick_start_guide.html
All container security features in GitLab require Kubernetes. This video shows how to quickly create a Kubernetes cluster using the WAF Quickstart guide.
- 1 participant
- 2 minutes
16 Jun 2020
This is a demo of the new Container Host Security feature available in GitLab 13.2. The feature embeds Falco to allow security analysts to monitor containers for potentially anomalous behavior and be confident that they were not compromised by a malicious actor.
https://gitlab.com/gitlab-org/gitlab/-/issues/218026
- 1 participant
- 11 minutes
15 Jun 2020
This video demos the vulnerabilities over time chart which is going to be re-added in 13.1.
- 1 participant
- 2 minutes
11 Jun 2020
Preview session for the upcoming Secure & Defend Section Group Conversation livestream scheduled for 2020-06-15. Hear updates related to the Secure & Defend stages from David DeSanto, Todd Stadelhofer, and Wayne Haber.
- 3 participants
- 9 minutes
26 May 2020
Issues:
- Create Merge Request from Vulnerability - https://gitlab.com/gitlab-org/gitlab/-/issues/216300
- Download Patch from Vulnerability - https://gitlab.com/gitlab-org/gitlab/-/issues/216300
- 1 participant
- 3 minutes
26 May 2020
This video is a walkthrough for https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32301
- 1 participant
- 11 minutes
25 May 2020
Eagles perform "Hotel California" at the 1998 Rock & Roll Hall of Fame Induction Ceremony.
Looking for more Induction Ceremony memories from Eagles? Visit the band's official Hall of Fame online bio: http://rockhall.com/inductees/eagles
Dive into the full 1998 Induction Ceremony video collection at rockhall.com/inductees/classes/1998 and watch all videos, read from the official Hall of Fame program bios and view image galleries from the big night and archival materials.
- 1 participant
- 7 minutes
18 May 2020
- 1 participant
- 4 minutes
15 May 2020
Defend:Threat Insights will look to deliver Exportable Group Security reports along with UX enhancements for 13.1.
https://about.gitlab.com/direction/defend/vulnerability_management/
- 1 participant
- 7 minutes
20 Apr 2020
An outline of the entire standalone vulnerability feature
Docs:
- https://docs.gitlab.com/ee/user/application_security/security_dashboard/
- https://docs.gitlab.com/ee/user/application_security/vulnerabilities/#standalone-vulnerability-pages
- 1 participant
- 7 minutes
16 Apr 2020
The Defend:Threat Insights Group is working on Instance-level exportable security reports for 13.0:
https://gitlab.com/groups/gitlab-org/-/boards/1241267?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=devops%3A%3Adefend&label_name[]=direction&label_name[]=group%3A%3Athreat%20insights
- 1 participant
- 5 minutes
9 Apr 2020
Added the multi-dismiss vulnerabilities feature on the project security dashboard and vulnerability list.
- 1 participant
- 3 minutes
8 Apr 2020
Demos of one of the features prepared for https://gitlab.com/gitlab-org/gitlab/-/issues/213598
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29140
In this demo we present new fields added to the GraphQL API: findings (id, projectFingerprint), createVulnerabilityFeedbackDismissalPath and userPermissions.
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29150
In this demo we present a new mutation added to the GraphQL API to dismiss vulnerabilities.
- 1 participant
- 5 minutes
7 Apr 2020
The user should only be able to create one issue per vulnerability
- 1 participant
- 2 minutes
3 Apr 2020
# FCV dashboards
## Project security dashboard
This is the most complete dashboard and a lot of what we built here can be re-used on the others.
### Already have
- List
- Filters
- Counts
- Unconfigured state
### Might have
- File path on the vulnerability list
- Filtering for the counts (there’s no backend for this yet)
---
## Group Security Dashboard
This one isn’t too far behind the project dashboard, but does have a few missing features that exist on the current group security dashboard. Most of these are known and were never planned to be part of the MVC
### Already have
- List
### Will have
- Filters
- Unconfigured State
### Might have
- A project filter
- Project path on the vulnerability list
### Won’t have
- Vulnerabilities over time
- Project security status
---
## Instance security dashboard
This is the furthest behind. We don’t currently have all the GraphQL endpoints we need for this, but can still develop the frontend in parallel so we’re ready for them when they do ship.
### Already have
### Will have
- List
- Filters (excluding the project filter)
- Unconfigured state
### Might have
- A project filter
- Project path on the vulnerability list
### Won’t have
- Vulnerabilities over time
- Project security status
---
## General / Vulnerability list
Just a few things that pertain to all the dashboards as they’re features on the vulnerability list.
### Don’t need?
- Pipeline status on the project dashboard
### Won’t have
- Inline linked issues on the vulnerability list (we ran out of time)
- Inline Dismissal comments on the vulnerability list
### Can’t have
- Multiple select dismissals (because we can’t dismiss from the lists any more)
- 1 participant
- 20 minutes
3 Apr 2020
This is a demo of GitLab's Kubernetes deployment options as well as a discussion of the implications for the Defend roadmap.
Notes: https://docs.google.com/document/d/1OTzDtRV1EOesU_dyrNAUpjibyk0gKUWP5bVrTzTmTw8/edit?usp=sharing
- 3 participants
- 50 minutes
2 Apr 2020
A short demo for the https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28414 implementation.
- 1 participant
- 3 minutes
1 Apr 2020
A demo of the GraphQL-based filtering on the project security dashboard.
- 1 participant
- 3 minutes
1 Apr 2020
https://about.gitlab.com/blog/2020/04/02/security-trends-in-gitlab-hosted-projects/
Top security risks include using components with known vulnerabilities, XSS, lack of secret management, lack of CSP, CSRF, and SQLi
- 1 participant
- 5 minutes
31 Mar 2020
Frontend Engineer Sam Beckham recorded this demo of the integration of our new Standalone Vulnerabilities (AKA "first class vulnerabilities") into our existing Security Dashboards.
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27820
- 1 participant
- 3 minutes
31 Mar 2020
Frontend Engineer Sam Beckham recorded this demo of the new resolution alert component created to notify a user when a vulnerability is resolved on the new standalone vulnerability page.
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27696
- 1 participant
- 2 minutes
23 Mar 2020
Sam has been working on the Security Dashboard Integration recently. As the task has turned out to be bigger than expected, we had a talk/planning session on how to divide it so that multiple people can work on different parts of it at the same time.
Here is the MR for the plan we decided to follow during this talk: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27674
- 2 participants
- 28 minutes
17 Mar 2020
Kickoff of Container Security issues planned for the GitLab 12.10 release
https://gitlab.com/gitlab-org/gitlab/-/issues/32365
https://gitlab.com/gitlab-org/gitlab/-/issues/199268
https://gitlab.com/gitlab-org/gitlab/-/issues/199666
- 1 participant
- 3 minutes
16 Mar 2020
Vulnerability Management work continues on standalone vulnerability objects.
https://about.gitlab.com/direction/defend/vulnerability_management/
- 1 participant
- 5 minutes
25 Feb 2020
Defend engineers working with PM to break down upcoming issues into components, clarify requirements, and identify work boundaries.
- 6 participants
- 30 minutes
25 Feb 2020
Defend engineers working with PM to break down upcoming issues into components, clarify requirements, and identify work boundaries.
- 7 participants
- 18 minutes
18 Feb 2020
Defend engineers working with PM to break down upcoming issues into components, clarify requirements, and identify work boundaries.
- 7 participants
- 27 minutes
17 Feb 2020
12.9 release kickoff for Threat Management covering the MVC for First Class Vulnerabilities and Exportable project-level Dashboard reports.
- 1 participant
- 8 minutes
16 Feb 2020
Senior frontend engineer Daniel Tian shares a demo of the status header created for the new standalone vulnerability page being developed in the Defend Stage.
- 1 participant
- <1 minute
12 Feb 2020
Defend engineers working with PM to break down upcoming issues into components, clarify requirements, and identify work boundaries.
- 7 participants
- 20 minutes
10 Feb 2020
Defend engineers working with PM to break down upcoming issues into components, clarify requirements, and identify work boundaries.
- 9 participants
- 32 minutes
5 Feb 2020
Defend engineers working with PM to break down upcoming issues into components, clarify requirements, and identify work boundaries.
- 9 participants
- 33 minutes
5 Feb 2020
Defend engineers working with PM to break down upcoming issues into components, clarify requirements, and identify work boundaries.
- 7 participants
- 29 minutes
4 Feb 2020
This is a demo of the new Container Network Security feature available in GitLab 12.8. The feature embeds Cilium to allow users to write NetworkPolicy rules that can restrict traffic between Kubernetes pods in a GitLab managed deployment.
- 2 participants
- 8 minutes
27 Jan 2020
Includes a demo at the beginning of the current state of first-class vulnerabilities: https://gitlab.com/gitlab-org/gitlab/issues/13561
- 6 participants
- 31 minutes
20 Jan 2020
We are hiring: https://about.gitlab.com/jobs/apply/
We defend our customers' applications and infrastructure from the ever-evolving exploitation techniques employed by those who wish to harm our customers.
Launch GitLab developed security technologies and integrate open-source projects to provide security controls for customers.
Employ security controls for our customers at the container, network, host, and application layers.
Provide features to allow customers to manage their security risks effectively and efficiently.
Defend team: https://about.gitlab.com/handbook/engineering/development/defend/
- 4 participants
- 5 minutes
20 Jan 2020
Demo portion of the Defend team's weekly discussion and demo of the Standalone Vulnerability MVC progress (https://gitlab.com/gitlab-org/gitlab/issues/13561)
- 7 participants
- 16 minutes
20 Jan 2020
Defend team's weekly discussion and demo of the Standalone Vulnerability MVC progress (https://gitlab.com/gitlab-org/gitlab/issues/13561)
- 7 participants
- 23 minutes
16 Jan 2020
See the new audit (listen-only) mode we're introducing as a follow up to the new Container Network Security MVC released in 12.7. This will involve another upstream contribution to the Cilium project.
- 1 participant
- 3 minutes
16 Jan 2020
We're continuing work on the First Class Vulnerabilities MVC for 12.8.
- 1 participant
- 3 minutes
17 Dec 2019
Be sure to check out the Application Infrastructure Security planning board: https://gitlab.com/groups/gitlab-org/-/boards/1420731?label_name[]=group%3A%3Aapplication%20infrastructure%20security
- 1 participant
- 7 minutes
17 Dec 2019
Be sure to check out the Threat Management planning board: https://gitlab.com/groups/gitlab-org/-/boards/1420734?&label_name[]=group%3A%3Athreat%20management
- 1 participant
- 5 minutes
17 Oct 2019
Walkthrough of planned priorities for the 12.5 iteration of GitLab, focused on the Defend stage and the Secure::Static Analysis group.
- 2 participants
- 15 minutes
16 Sep 2019
Kickoff for the GitLab 12.4 release, for the Defend stage and the Static Analysis and Dynamic Analysis groups for Secure stage
- 4 participants
- 9 minutes
9 Sep 2019
Quick demo on progress for enabling Web Application Firewall for Kubernetes
Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/65192
- 5 participants
- 29 minutes