►
From YouTube: Speed to Mission: Government Security Short
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
I
want
to
tell
you
a
couple
of
stories
about
how
government
is
using
gitlab
to
deliver
cross-domain
solutions
that
is,
transferring
data
from
the
low
side
to
the
high
side
of
networks.
In
our
first
story,
gitlab
worked
with
a
partner
who
directly
supports
a
us
government
mission
program.
They
created
an
internship
project
that
allowed
interns
who
were
uncleared
to
collaborate
on
an
unclassified
instance
of
gitlab.
The
instance
was
used
for
development
and
collaboration
for
that
program,
with
the
results
being
moved
up
to
the
customer
domain
on
the
high
side
for
deployment.
A
This
collaboration
demonstrated
speed
to
mission
value
within
just
a
single
summer.
Using
this
framework,
and
because
of
this
new
capability,
the
customer
was
able
to
continue
to
use
those
interns
throughout
the
following
year.
Solving
the
challenge
of
not
being
able
to
hire
enough
cleared
people
for
the
project.
A
In
our
second
story,
another
customer
is
using
gitlab
to
enable
software
development
and
automated
testing
on
the
low
side
across
multiple
projects.
Each
project
is
automatically
exported
and
sent
to
the
high
side
on
a
daily
basis
where
each
is
then
subsequently
imported.
On
the
high
side
instance
of
git
lab
the
full
history
of
the
project
is
accessible
to
the
high
side
teams,
so
that
those
teams
can
see
all
the
discussions.
The
comments,
the
code,
the
reviews
and
all
the
other
data
related
to
the
project.
They
get
the
full
context.
A
Some
teams
even
fork
the
repository
and
continue
developing
on
the
high
side.
This
allows
agency
teams
to
build
more
applications
faster,
as
they
can
assign
low
code
developers
to
tasks
that
allow
for
quicker
maximized
pool
resources
and
lower
the
overall
organization
cost
the
low
side
developers.
Output
can
then
be
exported
to
the
high
side
to
complete
the
final
product,
while
leveraging
fewer
classified
developers.
A
Github
recently
completed
validating
a
hardened
implementation
that
will
assure
agencies
of
all
types
of
a
fully
secure
vulnerability,
free
implementation
from
regulated
industry,
clients
like
in
finance,
healthcare,
energy,
transportation,
commercial,
all
across
to
government
agencies
and
defense.
This
is
going
to
provide
a
high
level
of
trust,
the
devsecops
lifecycle
and
it's
a
key
component
of
the
dod
software
factories.
Hardening
ensures
a
minimized
risk
profile,
enables
more
secure
applications
that
are
able
to
be
deployed
more
quickly
and
supports
the
continuous
authorization
process
we
talked
about.
A
This
is
going
to
go
into
the
deity
artifact
repository
and
it
will
allow
dod
agencies
to
more
quickly
create
those
applications
we
discussed
now
to
fulfill
the
dod
requirement.
Software
must
meet
standards,
including
installing
completely
on
its
own,
and
not
reaching
out
to
the
internet,
to
acquire
any
additional
libraries
or
files,
as
well
as
be
able
to
perform
rigorous
vulnerability,
scanning
air
gap
networks,
which
are
also
known
as
offline
environments
or
limited
connectivity,
environments
or
sometimes
local
area
networks
or
internet.
A
These
environments
have
physical
barriers
or
secure
policies
like
firewalls
that
prevent
or
limit
internet
access.
Gitlab,
secure
scanners
need
internet
connectivity
to
download
updates
and
the
latest
signatures,
so
in
gitlab
12.10.
It
makes
it
substantially
easier
to
access
these
scanners
when
running
self-hosted,
gitlab,
ultimate
instances
offline
or
with
limited
connectivity.
A
So,
finally,
as
promised,
I
want
to
leave
you
with
some
more
in-depth
resources
that
you
can
scan
here
and
download
to
share
with
your
colleagues,
so
you
can
solve
some
of
those
challenges
that
you're
facing
right
now.
First,
you
can
learn
more
about
how
the
tool
chain
tax
impedes
delivery
and
how
you
can
stop
paying
for
it.
In
the
speed
to
mission
white
paper,
you
can
discover
step-by-step
best
practices
for
government
agency
transformation
and
modernizing
government
I.t
through
devsecops.
A
You
can
get
specific
advice
on
exporting
and
importing
across
enclaves
and
our
cross-domain
devsecops
load
high
collaboration
white
paper.
You
can
learn
more
about
reducing
risk
and
accelerating
network
security
authorizations
for
your
applications
and
devsecops
how
proactive
security
integration
reduces
your
agency's
risk
and
vulnerability.