From YouTube: Protect PM/CS Sync - September 2021
A
Welcome to our September sync-up meeting with Protect PM. Smear, if you're on and you've got audio, I think you've got the first agenda item for us. Do you want to voice that over?
A
He might be stuck on mute, so he's asking if I've seen Kubescape before, which I have. Actually, I've seen it; it's been referred to me a few times. I've taken a good look at it. It looks like some really good technology. As far as I can tell, it's mostly scanning Kubernetes itself, to make sure that Kubernetes is properly set up and secured in a way that's in compliance with some of the official guidelines that are out there.
A
The challenge for GitLab is simply resources. It's not a matter of "Do we want to do this?" The answer is yes, we do want to do it. It's really just a matter of resourcing and time. Right now, all of our resources are on other areas, and this would really be a new category for us. So we've got container host security, which is focused on securing the containers themselves.
A
We've got container network security, which is focused on securing the network communication between containers. I would really see something like this as a good technology to plug into a new category, something like container infrastructure security, and unfortunately, we do not have such a category today. We would need to get funding and approval to create that category, but if anyone wanted to contribute to GitLab by integrating this with GitLab, we certainly would welcome it. It's definitely in line with where we want to go.
A
At the moment we have support for DAST and secret detection policies, and that's a way to require those to be run as part of the pipeline independent of the .gitlab-ci.yml file, and we're working on adding support for SAST, so more to come there. Really excited that that's just been turned on, and we are actively looking for feedback on anything related to that. So, if you have a customer that's got some feedback to share or has some interest in that area,
A
I would love to speak with them. Same quick question for you; apologies, I haven't looked at the issue, nor have I kept track of what's going on there. Is it at a group level or just a project level right now? Right now, to the project level. We are going to move it. Well, not move it; we're going to implement it at the group and workspace level as well here in the near future. So that's on our roadmap. That's actually double check.
A
I think that's the next thing. After we add support for SAST, we'll start working on bringing that to the group and workspace level. Are you planning on doing it at an instance level at all? Not the instance level, only the workspace level, which, the workspace level effectively is everything that the customer owns. The difference is that the instance object in GitLab really is tied to the hardware,
A
Whereas the workspace is tied to the customer, if that makes sense. Yeah, that makes sense for SaaS customer. I'm wondering more on the self-managed side, but that's fine. So on the self-managed side there is typically one workspace for the entire instance, so it would be effectively managing policies for everything in GitLab. Oh okay, I didn't realize there would be a workspace at the root level. Okay, cool. Yep, yeah, so workspace is a shared object. It's not for SaaS
A
Only; it's on SaaS and self-managed, and it's, like I said, the difference is that if we build it on the instance level, then it will really only work for self-managed, whereas if we go to the workspace level, it's going to work for everybody. So workspace, you can think of that, it's basically what you've been used to thinking of as the instance level, but it's compatible with SaaS as well. So it's, you know, one per, one workspace per customer is the best way to think of it.
A
So yep, that's coming up, like I said, right after we add support for SAST policies, so we're doing that next and then we're going to start looking at moving that up to the group and workspace levels.
A
One other topic that we should probably discuss: I know we've covered a lot in the Protect stage strategy meeting, and we've got our Secure stage strategy meeting that I'm going over some of this next week. So I don't want to overkill our short and long term roadmap, but I did want to just call out the fact that we are eventually planning to move container scanning down to Core or Free, very similar to what was done for SAST and secret detection.
A
So users will not get the benefit of the vulnerability report or merge request approvals, or, you know, any of the other workflow that's in place, but we are planning to make that available all the way down to Free at some point in the future, and a big part of that is because we're leveraging an open source technology to do that container scanning. And so it seems a little bit unfair to hold that back for Ultimate only,
A
You know, when we're really just reusing an open source piece. We're planning on making the open source piece available all the way down to Free, and then any and all value-add that we build on top of what comes with the basic open source scanner, that's going to be still reserved for Ultimate.
B
Yeah, I guess for that particular deal the value of having it within the workflow, it's still alive.
B
So if things as they are now, if we're just using the open source scanner, and there are additional vulnerabilities, that makes sense to me. You know, obviously I want to see warren ultimate, but I get it, and for that particular one it doesn't negatively impact it in so much as that. Now I can't say it's not, it's just an Ultimate anymore, but I do understand the reasoning, so.
A
Got it. Yeah, I mean, the experience at the Free and Core level is really going to be designed for like a single person or a single user or an open source community. You know, it's a very different experience where you have to go and manually download that artifact, you get this CSV output, there's...
A
Yeah, I mean, if it's like, for me, if I've got a side project that I'm working on, and I just want to make sure it's secure, like, yeah, it's a bit clunky, but I don't need a whole workflow to manage that. So actually that experience is really great for just helping the world become more secure, but if you're any sort of a sizable organization, obviously you're going to want to start to track those and manage those vulnerabilities, and that, you know, of course, is all limited to Ultimate. Yeah.
B
Pleased to see it was just a download. I mean, that's great, that's, I'm, you get the care and approval you'd be all.
A
Right, sounds good. Yeah, and there's no gating, of course, you know, all that merge request approval, so, you know, there's no way to block something from going through it based off of it. You know, there are a lot of downsides to having it in Core, but the goal is to segment it such that, you know, we're giving those individual developers the tools they need to be secure without jeopardizing our revenue potential. Yeah.
A
All right! Well, if that's it, this might be a really short meeting. Thanks, everyone, for joining. I appreciate your participation today. Don't hesitate to reach out in Slack or otherwise if you have anything come up.
B
Oh, and thanks so much for all your help during that account, I really appreciate it.