From YouTube: Protect:Container Security group discussion 2022-03-01
Description
No description was provided for this meeting.
A: Welcome to our group meeting for container security. It's been a while since we've had this. I noticed, Alexander, the list of things for you to demo has just been slowly growing over time.
B: That's right, we have been doing things on the front end. Most of it has been behind feature flags, such as the operational vulnerabilities tab. I don't think we demoed that in one of these, or I pointed it out, or the cluster agent vulnerability list; that was behind a feature flag and got released, and so I don't know, I don't add it to the demo section because I'm like, oh, you can't really get there.
B: It's, you know, it's not as cool, but both of those are finally released, which is great. We've also been working on improvements for the policy drawer as part of the follow-up to the policy page design changes. That's been great. We've just been doing a lot of cleanup lately, but Savash is going ahead with the policy creation wizard. He's got a few MRs up with that, so hopefully that will be dropping soon, and he's been making some design changes as well.
B: So, just small changes lately, but quite a few of them.
A: Awesome, yeah, great work. I know we had a bunch of really small ones in that follow-on improvements work, and no one of them, in and of itself, is totally groundbreaking, but collectively they're going to help really improve the overall user experience for that page, which is great, because we already have been getting a lot of visitors to that page and I'm sure we're going to get a whole lot more here now that we've got scan result policies in the mix too.
B: Would you care to share some of the metrics of how many people are visiting the page? Or maybe later, those...
A: ...are on our internal science dashboard? Oh, you can drop that into our Slack channel. I think I've shared it a couple times before, but I don't mind sharing it again. It is kind of a... policies... I won't... just say, like, on the note of metrics: for that page it would be nice to eventually actually implement some service ping usage metrics.
A: Instead of just relying on the Snowplow data. The Snowplow data gives us URL visits, but for things like policies it's actually a bit misleading, because if you do policies right, it should be something that people go in and set and forget and never ever come back. So what we actually saw was a huge spike when we first released it, and it's gradually been trickling down in usage per month after that, which, again, that actually is what we would expect to see.
A: But to get some of the more advanced measurements of things that would actually be more useful, like the number of projects using at least one policy, or the total number of policies that have been created, or the number of namespaces using policies, like, those are the kind of metrics that we want to see go up over time. So I would like to add in some better tracking for that, but where this is such a new feature, we have so many things that we need to add in future.
A: And yeah, yeah, enabled policies versus disabled. All of that would be good data to have. We don't get that if it's not in the URL; we don't get it, at least not right now. So, yeah, I've got a few items for planning breakdown. I think most or all four of these we've handled async, but I just wanted to talk through them in case we have questions. The first one is, I volunteered our group to add UBI-based image support for a bunch of the other Secure scanners.
A: To become FIPS compliant. And FIPS, like, just adding UBI image support is really step one towards FIPS compliance. There are a bunch of other things we still have to do afterwards, but this will at least get that first step out of the way and allow us to move on to all of the other steps that have to be done.
A: We did this already for container scanning, and so, rather than have a whole bunch of different teams devote an engineer to come up to speed on all of this and make it happen (you know, there's just a lot of ramp-up time), we figured it would be much more efficient if we just had one group go and do it for everybody. So that's why we're helping out with some of the other scanners across Secure.
C: We don't have to do anything, right? We already... well, cluster image scanning does not have a UBI image right now, so we will probably have to create one for that.
A: You know, all in, there's probably like 30 images that we maintain across all of security. So we have a short list here. Container scanning we already did, but our team is going to go do it for these other analyzers, and again it's a short list. So it's eight additional ones.
C: So I have something that's tangentially related. Wayne posted in the Sec section Slack last week about reducing the sizes of images and linked to this tool called docker-slim, and I tried using it on some of our images. I used it on our regular production image and it reduced the size from 500 megabytes to 50 megabytes. Wow. And it still might have actually been... I think it was actually 20-something megabytes. So more than...
C: ...of the image that we're using in production right now. So I mean, I have not been able to run tests against that image yet, because I'm having trouble getting docker-slim to work on CI. But if we are able to use that, then we could reduce the image size by like 95%. It's pretty crazy.
A: So that would be huge, and that would quickly become a top priority for us if that works, because we pay by the megabyte, or by the gigabyte, for data transfer costs. Anything that comes out of Google Cloud we pay for, and the Docker containers that are transferred as part of our Secure images, I mean, it's a significant cost to GitLab for all of this. And so, yeah, if we can cut that down by 90%, that would be huge. We would definitely prioritize that work.
A: Okay, yeah, I will open a spike, and we want to prioritize that soon, because if that works, like I said, then that's going to be something that we're going to want to do right away for all of our scanners.
A: Okay, I will move that on to refinement. The next one is: move container scanning to Free. We are tentatively planning to align this with the 15.0 release.
A: This one, actually, we got this one approved back in November of 2020 and it's just been sitting there waiting to make its way up to the top of our backlog, but it's finally almost there. So I'm hoping to see that actually go through.
A: Just trying to pull this up real quick. So I know, like, if we look at the MRs to move SAST and secret detection down to Free, it was pretty simple for them because they didn't have any functionality in the analyzer itself that they wanted to keep in Ultimate. For us, I think we have at least some functionality in the analyzer that we would want to keep in Ultimate, like generating solutions for vulnerabilities and...
A: All right, well, if we don't have answers today, that's fine! If you have a chance, maybe take a look at that and see. You know, it's just a little bit tricky because we want to license the code with an open source license, but then we have this small subset of code that we want to preserve as proprietary, or at least the bit that pulls in the proprietary database at a bare minimum. So I'm hoping to avoid creating two totally separate repositories.
A: It seems like that would be a bit of a pain to manage, but I suppose that probably would solve the problem. But maybe there's some more elegant solution we can come up with.
C: The database is technically not proprietary; it's open source, but it's licensed under EE.
A: So we have two databases, right: the advisory database, and that one we've open sourced for everybody, but that one has a one-month time delay; and then we have the Gemnasium database, which, the database is public code, but to use it, like, we reserve the rights around it. So it is a proprietary database in the sense that you're not allowed to use it without a paid license for GitLab.
A: And then these last two, these mostly are related to Zamir, and I comment on his questions asynchronously, so we can kind of skip through these, but just for awareness, so you know what he's working on: he just barely got done doing scan result policies as well as the rule editor. The next thing is to show that in the MR approval settings area, so where you go to set up your other MR approvals, it would be really nice to see the scan result...
A: ...policies there in that same place, so that you can see everything that's required for approval for an MR while you're setting that up anyway. So take a look at that if you have a chance; there's a mock there that he'll be building out. And then the next one after that for him is adding support for external scanners to security approval policies. This is kind of a small iteration. Right now we have that dropdown: you can pick all, or you can pick, like, SAST, DAST. You can pick which of our scanners.