Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / Protect Stage / 26 Oct 2020
GitLab / Protect Stage / 26 Oct 2020
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: What is the Protect Stage

Description

A brief overview of the goals and focus areas for GitLab's new Protect stage

A

Hello, everyone and thank you for watching this video. uh We want to give you a quick update as to what uh our recent changes were with regards to defend and protect.

A

So, if you're, looking at uh the home page for gitlab.com you'll notice that, instead of having our defend column here, we now have protect and the reason for that is. We want to make a shift to focus on enterprise readiness and the cloud workload protection platform space so on the protect direction, page you'll see under competitive landscape. This nice pyramid, this pyramid outlines the one of the main focuses for the stage.

A

What we recently launched in 132 was our container host security category and that fits directly into that, and you can see that, with the current capabilities, we're providing found integrity, monitoring, application, allow listing and active response and blocking that's giving our customers as they move containers from development into production, a way to secure them and protect them. Thus, the name protect outside of that.

A

We're really focused on making sure we're enterprise ready for not just protect but for secure as well and to hand over to sam who's, going to explain what our new category does and what you can look forward to.

B

Yeah thanks david, so to talk about security orchestration with that is really an overlay category across both secure and protect, aimed at bringing more enterprise features across all of the scanners. So there really are two kinds of policies that we want to add in support of that security. Orchestration area, one is a scan schedule. Policy and another is a scan results policy and I can show you just a rough uh conceptual mock-up that I've got here of what this workflow could look like in the future.

B

Is that we're hoping to build a new policy section in gitlab, where you can come through and customize your rules for when pipelines are run or perhaps on a certain schedule to have either your branches or your production environment scanned on a regular basis? So this takes what otherwise can be a little bit of a more technical setup in yaml. It makes it more of a user intuitive setup with english language sentences.

B

We want to bring this up to both the group and instance levels as well, so that you can manage these policies across your entire gitlab instance. Similarly, we want to have scan results. Policies that take actions once the scan is complete so that you can write rules. That say you know if a scan finds one or more critical findings, then, for example, you may want to fail the pipeline or perhaps even take other actions coming out of that.

B

Overall, we feel like this change in direction is going to help us to focus more on those features that are going to make gitlab easier to use and make it simpler to enforce these policies across your entire gitlab instance. Thanks for watching, and we look forward to any feedback that you may have to provide.