►
From YouTube: Group Level Policy Management - GraphQL API Demo
Description
A
Hello:
everyone,
my
name
is
matthew
percesky,
I'm
staff
packet
engineer
in
the
container
security
team,
and
today
I
would
like
to
talk
about
group
level
policy
management.
With
this
feature,
you
will
be
able
to
create
security
policy
project
for
your
group
and
write
your
policies
once
and
apply
them
to
all
projects
in
your
group.
The
feature
itself
is
available
behind
the
feature
flag
and
is
currently
as
a
5th
of
april,
globally,
disabled
and
for
this
demo.
A
I
have
enabled
this
feature
flag
for
one
of
my
group
note
that
your
group
has
to
use
the
gold
plan.
Okay,
let's
get
started
if
you
want
to
know
more
about
the
future
itself.
Go
to
this
epic
you'll
find
all
the
discussions
and
all
the
issues,
and
you
should
be
able
to
find
all
answers.
If
you
have
any
questions,
leave
them
in
the
comments
below
okay,
let's
get
started,
let's
start
with
creating
the
policy
project.
As
of
now,
we
do
not
have
the
ui
for
this.
We
will
use
the
graphical
api.
Let's
do
it.
A
I
have
a
mutation.
I
would
like
to
create
a
security
policy
project.
For
my
group,
this
is
the
group.
I
would
like
to
to
use
it
for,
and
I
would
like
to
get
the
web
url
as
a
result,
so
I
I'm,
I
should
be
able
to
get
it
immediately.
Okay,
I'm
going
to
create
the
project.
A
Okay,
the
project
was
created,
let's
go
there
and,
let's
create,
let's
see
if
it
was
created,
let's
go
here
and
create
this
policy
in
this
project,
so
there
will
be
a
readme
file.
I
can
use.
That
is
very
useful,
so
I
will
just
use
it.
Okay,
I'm
going
to
create
a
new
file.
A
A
Okay,
probably
okay:
let's
go
let's
configure
the
ci
cd
for
for
our
project.
This
will
be
very
simple
cicd,
since
I'm
using
the
container
scanning
to
test
our
policies,
I
need
to
write
some
variables
with
docker
image:
let's
use
alpine
and
very
simple
jobs.
Let's
just
do.
A
Just
one
and
let's
do
similar
thing
in
our
other
project-
let's
see
once
again
set
up
cicd
configure
the
pipeline
and,
let's
hear
use
another
version
of
mine.
Okay,
I'm
going
to
commit
both
of
these
changes.
A
And
you
will
be
able
to
see
that
there
is
actually
container
scanning
applied
to
both
of
these
projects.
So,
as
you
can
see,
we
will
run
scan
that
you
have
configured
for
a
single
group
and
will
run
for
all
projects
within
that
group.
A
So
currently,
this
is,
as
I
said,
behind
the
feature
flag,
we're
testing
we're
planning
to
to
enable
it
globally
soon.
Another
thing
that
you
need
to
use
the
graphql
api
to
enable
it
and
to
use
it
so,
for
example,
security
policy
project
create,
is
one
implementation
you
would
like
to
use.
If
you
already
have
a
project
that
you
already
configured,
and
you
would
like
to
use
that
project
for
your
group
instead
of
the
project,
you
can
simply
do
security
policy
project
assign
then
write.
A
The
name
write
the
full
path
of
your
of
your
group
and
use
the
security
policy
project
id.
A
So,
let's,
let's
say
we
have
the
project
already,
and
you
have
the
id
of
this
project
here,
and
so
you
can
as
well
assign
the
project
that
you
already
created,
for
example,
for
one
of
your
projects
and
you'd
like
to
use
the
security
policy
project.
For
your
group,
you
can
use
it
as
well.
You
can
as
well
unassign
it
from
your
post
from
your
group.
A
Let's
do
an
assign
and
if
I'll
unassign
it
and
then
I'll
try
to
run
the
pipeline
once
again
for
one
of
my
project,
you
will
see
that
the
pipeline
will
not
be
enhanced,
will
not
be
extended
with
these
container
scanning
job.
A
And
that's
it
if
you
would
like
to
know
more
go
down.
Please
go
to
this
epic
you'll
find
more
information
here.
We're
working
on
the
ui
for
this
as
well
so
soon
you'll
be
you'll,
see
all
the
changes
available
in
your
github
instance.
Thank
you.
Bye.