From YouTube: Protect:Container Security group discussion 2021-09-28
A: Welcome to our group meeting for container security. The first one today I wanted to walk through is the epic to allow the security policy project to be unlinked. This was an issue; I promoted it to an epic just because it has back-end and front-end work, and I felt like it would be easier to organize it that way. It should be pretty small and pretty straightforward. I'm hoping, and I don't think we have the designs in the epic just yet, but they are pretty much done in the linked design issue.

B: I'm pretty sure that there is. I don't think we have back-end logic right now to unlink a policy management project.

A: I thought there was some back-end work. I don't think it's big; I think there's some. Okay. This introduces a new trash can delete icon here, and if you click it, you get this message saying unlinking. We'll have to run this text past tech writing, but basically it's saying the project won't have any policies at all.

A: So if you hit save... actually, that's not technically true, because it might have some network policies, so we'll have to wordsmith that error message. But you get an error message just telling you exactly what's about to happen, and then, if you hit save, the project's removed and you're back to that initial state. Are there any questions about that, or are we ready to move that to refinement?

B: It is a little bit tricky having to work with policies being stored in two different places at once.

A: So the next one I wanted to cover was this thread I've been having with Brian on the MR. I apologize if it's been holding up the MR; I hope it hasn't held it up too long. Long story short is, we did not really consider, or at least I didn't fully think through, where vulnerabilities would need to be fixed and how they would need to be fixed.

A: You know, 100 deployments using the same image: now you're going to have that same vulnerability listed 100 times in the vulnerability report, and that's going to just be a lot of noise, and it's going to make it really hard to go through that vulnerability report. So I don't have a ton of great ideas here, but I'm hopeful that we can brainstorm and find a way to kind of get the best of both worlds.

A: We duplicate the vulnerabilities for each package that it exists in, and this actually is a little bit redundant for several reasons. One of which: most of the time, in fact I'm wondering if it's all the time, but at least the vast majority of the time, one of these packages is really just including or requiring another package, and so the vulnerability propagates itself through several packages, and you really just need to update the underlying package and that takes care of the vulnerability in all of the packages.

A: So the proposal here is to consolidate this, or group it, by showing it as just one item on the vulnerability report. But then, when we list out the packages, we just comma-delimit, use a comma delimiter to separate them out, and say, you know.

A: I'm wondering if we need to consider some sort of UX design that does the same thing for cluster image scanning, where it actually shows up as one line item and then somewhere in there we would list out all of the different deployments that are affected. And I'm not sure what that does from a vulnerability fingerprinting perspective.

B: Right, so we probably want to introduce, like, a new type of fingerprint where we can uniquely identify a vulnerability, and that vulnerability can exist in multiple locations. And what we can do is, you know, when you go to the vulnerability details page, you can see all the different locations where that vulnerability exists.

B: So we'd probably introduce, like, a new type of fingerprint, like a vulnerability fingerprint or something, and then we can group all of the vulnerabilities together that have the same fingerprint.

C: It is similar right now in Threat Insights; they're changing from one system to another. So it's still in progress. I'm not sure if we can use that or if we need to come up with some new idea; I'll have to take a look. Definitely a spike would be useful here, because we need to understand what's going on in Threat Insights and if we can use it or not. So we just need to start with a spike and try to find the best idea here.

B: Yeah, I don't really understand the findings yet, but I think, like, I talked with Thiago about it a little bit, and he told me that, you know, the reason we have findings is because there might be multiple findings associated with one vulnerability, but today there's only ever one finding for a single vulnerability. I believe I saw that in a comment somewhere in the code. It might not be true.

C: That is true. Like two years ago, I believe there was a transition to the new security dashboard, and before that we were showing only those findings, which back then were like vulnerability occurrences, and then we introduced vulnerabilities. But what it is right now is actually essentially a copy of, like, finding. And in the future, the goal is to have one vulnerability and multiple findings, so that would be useful for us, because we're gonna have this one vulnerability with one CVE and then multiple occurrences of that vulnerability.

C: As for now, it's not supported yet, and I'm not sure what the plan is and when it will be supported to have multiple findings for each vulnerability. But that's interesting. Definitely we can come back to that with Threat Insights, with Makman, for example.

A: Yeah, that sounds like exactly what we need, right? It's one CVE that exists in multiple locations. And actually, for cluster image scanning it just compounds the problem, because it could be not only multiple deployments but also multiple packages within each deployment. So for container scanning we're talking about rolling up the packages, but we actually need to roll up packages and deployments for cluster image scanning, potentially.

A: Okay, yeah, that sounds great. Let's move forward with that, creating a spike, you know, grand! I don't want it to hold up your MR. The feature is in an alpha state anyway, so if we need to make changes to the way we do the fingerprinting in the future, we can. But yeah, I'll create a new spike issue so that we can look into that and see if there's a better way we can handle that, or if we need to go contribute to the Threat Insights work.

A: I think, you know, Alan was pulled away to go work on security vulnerabilities for a little while on the Manage Import team. There's actually been other individuals pulled from other teams to go assist in other areas as well. One of those is the Workspace group, so the Workspace group is a new group in GitLab.

A: It's a new team, and they're actually getting a whole lot of help too from other engineers across the company at the moment to help accelerate their work. I'm still learning about what they're doing, so take this with, you know, a grain of salt, that I don't have perfect information here, but I'll share the latest and greatest of what I know.

A: If you will, a namespace in GitLab, right? So especially thinking about GitLab SaaS, you know, we've got a lot of different companies and organizations there. They each need to manage settings not on a group level but on an organizational level, and so that's really where this workspace object is coming in.

A: You can't just copy-paste that over to group without things breaking, so again, it's a little bit of a mess right now; we have a lot of different objects out there. So part of this is, as they create this new object, they have a new shared object that gets inherited or extended. I think extended would be the correct term.

A: So that's where they're starting, just by making that uber object. Apparently it's targeted to be done by the end of 14.5. That should be ready for us to start contributing things into that shared object code, so it's the same code for all of the different things out there.

B: Yes, I have quite a few questions, so.

B: Sounds like it's... basically, it basically consists of multiple groups. So is it gonna exist on SaaS, or only...

A: I don't, and I think they're actually discussing the name now. I don't know where the thread is for that, but if you can find it you can weigh in on that. They have actually a number of different names: namespace is being used in the back end, so you might see namespace in the back-end code; then customer-facing we're calling it workspace; and then, yeah, organization is another name. So I think that's an ongoing discussion right now. You might have an opportunity to contribute to that.

A: All right, so with all that information, again, this is mostly just informational, but because the soonest that they'll be ready is the end of 14.5, at least the back-end work for all of this, we probably don't want to start until 14.6, because otherwise we're going to be implementing this at the group level, and that'll be more or less throwaway code, because we'll have to then re-implement it at the, whatever they call it, namespace or workspace level.

A: All right, we've reached the end of our agenda. Are there any other items to discuss today?