From YouTube: License Scanning Offline Environment Live Demo
B
Thanks Todd, so today we're going back to demonstrate Maven, because the first demo we did was using vulnerable. So we kind of put all the dependencies within the project itself, which is not the usual way of doing this. But this was a way to demonstrate the other setup steps of license compliance but know that we have set up some local registries for the different technologies.
B
So I don't think unless you want to it as necessary to go back to setup and prove again because it was a 5. The first time just go down to a 4 last week because we were producing a local Myer earth, so it means that we had to open the egg, a Princeton's egress traffic to be able to reach that local registry Kevin. Is that something that you consider is a 5 now is acceptable from a customer perspective?
B
C
B
The case of Maven, this is not even a problem because Maven is losing the currently in the way we're suggesting this. It's using the GitLab Maven repository. So this is a custom Maven registry that is built-in with Nikita instance. So there is no any other outbound call made from within that VM, okay, but in the case our, but this could be an external tool that we set up an external VM that could be reached by the get library of instance.
B
This is exactly what has been done for Python, for example, by using a custom PyPI server that is hosted on a different VM and different host and which is still on the same internal network. So we have authorized the air-gap instance to make outbound calls to that specific instance so that it can download the dependencies yeah. So.
B
B
I can't stop so we went from a 3 to a 2, so I think it's now I still necessary to shut this to go through this one, to see some progress here so back to step 2, which is about showing up to sit up and configuring this the offline documentation for license compliance is still ongoing. It's not publicly available right now, so we have to open merge request to explain this further.
B
The first thing is to override the eclip CIA mode, the job definition by specifying the local Docker image that you want to use. This is by the way currently needing to override the job definition. We might move away from that by leveraging an environment variable which make it easier to configure. But this is not the case yet, and maybe we can log an issue to improve that and decide later if it's MVC our custom, VC I.
D
B
E
B
B
B
Again, we are copying the Docker images using this sequence, so eating a bastion host from where we can pull the car images from the Gita become registry saving in local files and then copying those files over to the I get concerns over its usage and from there loading them into the registry. This is still the same. There is a bunch of different steps to do that, but this is already set up and I would just skip those ones until unless you have any question.
B
B
B
And this is just some housekeeping to avoid later issues. This is a little worker long because silly to return, because we have some issues really important in this area instance that we didn't have time to investigate further. All right, so we have the simple project that has just one dependency, which is a crystal artifact that we are posting on the Maven registry built-in within GitLab.
B
B
So this is telling Maven that you should use this specific settings file. We are telling the license plug-in to be in debug mode, so we get more information and we are also disabling SSL checks, but we could also get rid of this one I use this here certificates anyway. This is outside of this demo, so I will just leave it as is, and keep the SSL disabling right now.
B
B
B
So similarly we have so these additional steps for using the Python, so I will use the private one the pipe of one by taking this template here, which is a simple Python project using pipe five by five o'clock. This is set up to use a custom registry by specifically the source here and disabling SSL check. I can fork this one into this test group for the demo again removing the fork relationship.
B
B
B
All right, so this is no studying by the way, has already been pointed out. By more way, we have a detection step here that tries to download the latest showing from this project, which might not be relevant in an air-gap environment and will try to disable that to speed things up. So this is not completed and if I'm looking at the pipeline, I can see in the dependency tab that we have detected a license. So I will go back to.
D
So yep step two I think mm-hmm. Now I got the pipeline running so we set up and configured. There was a note that we don't have the documentation live yet so I think they've done prior ones. That would mean that's probably a maximum of three until we've got the docs. Does anybody have any other concerns?
C
D
D
C
Plus I looked at the documentation, while he was doing it, he was cutting and pasting from the merge request. So that was good. I think the other question I had on the documentation was if there's gonna be a section in the doc that spells out the specifics like it looks like there's in that general section, with the image and the override, and then there might be a specific section for different scanners, where an additional little variety might be needed. Is that yeah yeah.
C
B
This is where it's gonna be confusing, because this is a four maybe for Java would be a five for another one, or vice versa and I'm sorry to not have a better way to provide all this detailed I think it's good enough to have this as a summary in the following steps, because at least we are showing the process in a generic way. But if we are like some missing bits, just for specific languages, we can put them there. Yeah.
B
B
The pipeline is successful here. It detected one license, which is an egg picky license here and again we can do a lot of things here. I will just go back to the merge request here and merge it that, similarly, we can see that this is applying to the configuration and the dependent license compliance page.
B
E
B
B
C
B
Don't have the lights, a compliance vision of I mean the group level of license compliance doesn't show the list of the addictive licenses. Oh okay, my bad, sorry, yeah. This is a bit confusing, because this is where we have an overlap between the security features and the compliance features. So the compliance group has already moved forward on adding some other compliance features at the group level. So this is just showing the recent requests activities on all on two projects, which is not really good to the security features. Yeah.
B
B
This is why this is not fixed yet because the detection logic is based on the previous name and not the new one, which has been renamed from license management to license scanning, but this is already fixed on .com. So should we consider this one as a blocker and should we make sure that we update the doctor day, I gave instance 209, or is that acceptable this way?
B
B
C
B
We baby can use in there see Oriskany deity they. There is one before because I'm wondering if there's any change that might chip with intent of ten that is required for the whole air-gapped set up to where we're flying environment set up to work, because we sometimes are shipping some changes into the vendor template, but so far I don't think this is the case. Every work we've put so far, Rd analyzer. So that's related to this specific version of the GitLab. We.
B
B
Now, going back to step three, which is show added card submit immersive craft and I have the pipeline run so again in the case of dependency scanning and license compliance, there is no code change that directly impacts the dependencies, so we need to add a new dependency or remove the dependency to triggers and changes in the indie reports. So here what we can do, I will actually clone that project.
B
B
B
B
B
And this was not part of all the sub step that die dates reporter fish languages, I mean those steps are focusing on setting up the tool making it running in the merge request and wait for the pipeline to run and master and show the results, but it's not going through the test of adding a new dependency and showing the diff. If you think this is so necessary, we can do that too.
D
Think so, right now, I think if we share the results of the pipeline and clearly say like this is for this particular for pip, not pip environment. We could grade step four and step six and then, when you do pipenv, we could just grade just step seven. I don't know if that makes sense, but we could put a note in the column like we did it for pepper or whatever.
D
E
D
F
Five, six and seven card I got the reverse. That sounds reasonable. One thing to call out on number twenty-nine: we grade that I was before because additionally was missing just documentation, since we lumped in needing to demo again with twelve point nine. Should this be a three instead, because 30 is out of five, the concerns got moved over.
D
Yeah they I'd stuck him in the wrong when I hit shift instead of command, so they went into row 30 instead of row twenty-nine, sigh bump them up to twenty-nine we can so. The thing is with that showing that configured we could bump it down to three if we wanted to, but that's working right now like we could go to prod.
C
B
Alright, so going back to this merge request, you had a Django package. I should not have a license compliance report that show the difference with what we have in the master branch. So it detected two new licenses here and those are coming from the Django package and from the pipe to Z. I have no idea others get pronounced, but use this new package, which is a sub dependency of Django and again going back to the Python page itself. We are the license showing here like that, so to demonstrate results, step, which is the poor.
B
B
B
And this will help us to show that the license plate is correctly updated and so I went to beat ahead of the scrape. So this is also something that can be switched easily between the different places where we are showing the results. All those actions are available in every place we're showing the licenses so in the discrete sites to do that on the license list. This can be shown and the pipe run view or the merge equals you we have. We are with the other location. We were showing the licenses and.
B
Invest an additional step that yeah I was showing last time and that is still relevant. Is we an issue in the matching of the licenses? So, if I explicitly blacklist MIT, this one were here because we do have if I go back to my plane, because the license is currently being reported as MIT license and the sisters were explained with in with this issue.
B
That's more creative thanks mo so because we have a local index SPDX index that allows us to improve the matching by normalizing the license name into some ideas from these SPDX index, and this is relying on a cron job, which I would this external URL, which is not accessible from you get instance. So this is something that won't work right now in the air-gap instance, but we are looking at a way to bundle and regularly update that index with the Omnibus package.
D
So to summarize it they would have to put in exact match terminology, so they might have to populate, for example, both MIT and MIT license as blocked, if they're trying to block a license, so they would have to do more manual work. Do we think that that additional manual work is acceptable for the MVC or not?
C
B
When the licenses are reported, and you get the correct naming because the policy is created directly from sorry, the policy is created directly from the name that is being reported. So if you see MIT license in your report and say, hey I want to disable to do the two blacks. Is this one? You click on the button and it works all right. We know of the master branch by applying done so going to the license compliance hook. Sorry I mean the wrong project.
B
B
A
B
B
The documentation that is missing for I'm sorry I will let you write the documentation that is missing here by the way, is specifying the additional Maven CLI options and then to generate documentation will be part of the Chadwick step for Python pip. There was no demo today, so don't we keep it as a one? We need to investigate further this one, because we've seen recently that there might be two different subsets of saying up sis, so we might have an additional step coming soon for Python and for Python people.
B
D
C
D
E
B
A
A
B
The main problem is more about defining the correct and testing environment. We have ongoing testing, which is partially working right now, but we have we added to be swimmers. Priscilla Ness. We had an overlap with the setting up of the set up of the test projects with dependency scanning, and this is where things are getting confusing, because dependency scanning support for Python might have slightly different requirement than license for plan settings license compliance for Python.