►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
You
should
be
seeing
my
whole
desktop.
Please
let
me
know
if
you're
not
so
to
start
with
I'd
like
to
show
the
scorecard,
so
quality
is
addressing
to
sort
of
disparate
things
as
part
of
these
demos.
So
the
first
thing
will
be
running
the
gait
lab
QA
regression
test
suite
I'm,
not
covering
that
here.
Well,
we'll
cover
that
in
a
future
demo,
what
I'm
covering
is
integration
tests?
B
So
these
final
four
steps
in
the
scorecard
any
questions
or
should
I
just
get
started
cool,
ok,
so
going
over
to
the
scorecard
so
step,
one
prove
air-gap
and
I
know:
we've
done
that
with
other
other
demos
in
the
past,
but
we
haven't
yet
done
in
here.
So
I'd
like
to
start
here
so
I'm
in
group,
secure
going
to
compute
and
searching
for
air
gap.
B
B
There
we
go
so
I'm
going
to
show
that
it
is
air
gapped.
By
doing
this
command
here,
which
is
step,
one
for
two
timed
out
could
do
the
same
thing
for
eighty.
B
B
B
I'm
gonna
call
it
integration
test
for
21,
make
it
public
so
within
this
group,
what
I
intend
to
do
during
this
demo
is
set
up
two
different
projects:
first,
I'll
set
up
Python,
pip
and
it'll
have
all
five
scanners
configured
so
we'll
see
all
five
of
those
scanners
in
one
project
integrated
showing
up
in
the
dashboards
together,
then
next
I'll
create
a
project
for
Java.
Maven
I
was
only
able
to
get
three
of
the
scanners
working
there
before
I
ran
out
of
time.
B
Sast
and
DAST
are
not
yet
working,
but
the
other
shady
scanners
are
working,
so
I'll
be
able
to
show
those
integrated
and
then,
at
a
group
level
we'll
be
able
to
see
across
two
projects
with
multiple
overlapping
scanners.
All
of
them
are
showing
up
in
the
group
dashboard
correctly,
so
I'm
going
to
pause
here.
This
stuff
was
really
short.
This
is
stuff
to
just
creating
the
the
group.
A
E
B
Excited
okay
and
before
I
get
started
setting
those
up.
What
I
would
like
to
show
is
that
a
lot
of
the
things
that
we're
relying
on
are
already
in
this
environment,
so
here
in
the
analyzers,
we
already
have
secrets,
for
example,
which
is
used
for
assess
I
will
also
use
bandit
for
SAS.
We
have
gymnasium
maven,
which
will
be
used
Clair
DP,
which
will
be
used
there,
they're
already
imported
here.
So
the
assumption
is
that,
in
whatever
environment,
these
would
have
already
been
loaded
in
side
loaded
and,
however,
it
is
that
that
company
is
security.
B
Policy
is
required,
but
all
of
these
are
already
here.
Additionally,
there
are
some
utilities
that
are
included
that
will
be
using
so
the
dvwa,
which
is
the
darn
front
of
a
web,
app
will
be
using
for
DES
and
container
scanning
and
Python
pip
webgoat
will
be
using
for
container
scanning
in
Java,
maven
and
docker
will
be
used
for
container
scanning
as
well.
B
So
I
just
want
to
show
that
all
of
those
were
already
here
so
to
go
back
and
we'll
set
up
we'll
go
from
a
template
that
has
already
been
brought
in
for
Python
pip.
We
will
fork
it
into
the
new
group
that
we
just
made
integration
test
for
21,
so
in
case
anyone
is
following
one
on
the
Left
I'm
at
step.
Three
number
one.
B
B
B
And
so
to
show
this
project,
this
template
that
we
forked
from
does
not
yet
have
a
gate.
Lamp
CI
file
so
we'll
create
that
and
I'm
in
step.
Three
number
three
on
the
left
side
here
so
I'll
create
a
new
file,
get
the
FCI
that
yeah
mo
awesome,
so
I'm
gonna.
First
just
pull
in
the
check
air
gap
job.
This
is
the
same
job.
That's
been
used
across
multiple
demos.
B
So
setting
up
here
for
offline
use
I'll
need
these
two
variables,
so
I'll
go
ahead
and
copy
those
in
turn.
In
the
variable
section
out,
there
are
some
specific
settings.
I'll
need
so
I'll
need
this
gymnasium
remote
URL
here
so
I'll
grab
that,
while
in
the
air
and
then
keep
scrolling
so
for
Python
pip
projects
I'll
need
to
add
this
snippet
as
well.
B
So
this
snippet
does
not
have
anything
particular
to
our
installation.
I.
Do
need
to
update
this
docker
registry
example
here
so
for
ours.
We're
using
a
variable
so
I
can
just
put
in
here
see
how
your
registry,
so
that's
good
I,
will
need
to
also
update
this.
So
for
our
sorry,
I'm
copying
from
off-screen
for
our
particular
instance.
I'll
need
to
use
this.
B
B
B
B
B
B
B
B
And
that
should
be
it
for
sassed.
Next
up,
we
have
dust
so
again
for
this
Python
project
I'm
using
the
darkness
alone,
but
web
app
and
so
we'll
copy
that
in
and
shortly
so.
The
first
thing
I
need
is
to
include
this
template,
so
there's
the
template
and
then
I'll
need
to
set
the
variable
for
the
dice
website.
So
this
just
has
example.com
we're
going
to
use
dvwa.
They
will
be
able
to
set
that
shortly.
B
B
B
B
So
we're
using
this
webgoat,
that's
not
we're
using
here,
reusing
again
darn
vulnerable
web
app
latest
and
then
we're
gonna
call
it
darn
funnel-web,
and
this
just
points
to
that
image
and
such
as
alias
it's
used
here
for
the
best
website.
E
B
B
The
services
this
will
need
to
change
to
point
to
our
specific
doctor
and
darker
image,
so
for
us
we're
going
to
use
I'll
copy
this
from
my
snippet
rather
than
risk,
not
typing
it
correctly.
So
we're
using
our
CIO
registry
in
the
utilities,
the
docker
project
there
that
I
showed
earlier
they
have
a
staple
doctor
in
docker
image
and
then
we're
gonna
need
this
build
step.
So
I'll
copy
that
in.
B
Great
and
I
think
the
last
thing
we
should
do
is
add
the
container
scanning
job.
So
if
I
click
down
here
to
requirements
for
offline
scanning
there's
a
job
here
where
we
are
essentially
something
in
the
location
of
the
Clara
image
and
the
Claire
DP
image,
so
I'll
copy
that
and
assuming
I
haven't
once
I
fix
these.
B
Assuming
that
I
haven't
messed
anything
up,
we
should
be
good
to
go
so
for
ours,
it's
CI
registry
we
have
analyzers
and
our
ours
is
car
and
it's
and
then
for
clarity
B
for
ours,
its
analyzer
and
then
clear,
DP
latest,
and
one
thing
that
we
need
to
add
here.
There's
a
note:
if
your
local
docker
container
registry
is
running
securely
over
to
HTTPS
but
you're
using
a
self-signed
certificate,
then
you
need
to
add
this.
B
Perfect,
let
me
just
review
my
notes
to
make
sure
that
I'm
not
missing
anything
I.
Think
I've
missed
something
for
dependency
scanning
yep.
So
the
one
thing
I
miss
is
that
we
are.
We
need
to
overwrite
a
variable
to
true
because
we
have
a
self-signed
certificate,
so
we
don't
want
to
have
to
rely
on
verifying
it.
B
D
B
F
F
F
No,
no,
we
do
this
in
the
training
that
we
do
for
our
users,
nice
yeah
I,
wish
it
was
in
a
better
place.
You
have
to
go
to
that
pipeline
screen,
but
the
reason
is
that
the
linter
only
works
for
CI
gamma
files,
so
you
wouldn't
want
it
built
into
the
web
IDE
because
it
only
works
for
one
kind
of
file.
F
B
B
Here's
the
latest
so
we're
gonna
watch
this.
This
build
stuff
takes
a
couple
of
minutes.
Among
the
test
steps
the
license
scanning
is
the
longest.
One
will
need
a
good
number
of
dead,
jokes
there
and
then
dust
is
is
moderately
fast.
So
if
anyone
has
any
jokes
to
fill
the
time
or
questions
that
I
can
answer,
run.
F
F
Of
course,
at
some
point,
when
you
have
a
chance,
I
would
love
for
you
to
talk
a
little
bit
about
how
we're
gonna
automate
this
and
build
this
in,
so
that
it
occurs
like
automatically
at
some
point
during
the
testing
process,
but
obviously
that
wouldn't
make
sense
for
this
demo,
but
I'm
just
curious
what
the
what
the
roadmap
is
for
that.
D
B
B
G
B
F
F
You,
like
I,
said
the
only
thing
I
can
think
of
right
now
is,
is
just
I'd
love
to
know
more
about
like
what
the
long
term
like
the
plan
is
to
to
be
able
to
kind
of
have
these
automated.
So
that,
like
the
way
you
do
with
the
normal,
like
regular
with
normal
testing,
although
there's
by
some
limits
on
what
can
be
done.
But
anyway,
I
was
just
curious.
Yeah.
B
Our
plan
right
now
is
to
do
this
testing
on
a
weekly
basis
and
and
likely.
What
we'll
have
is
a
you
know
this
file,
we
won't
rebuild
it
every
time,
it'll
be
built,
the
one
time
and
or
and
they'll
just
get
rerun
on
a
weekly
basis
to
make
sure
that
it's
still
working.
So
we
have
a
dependency
scanning
failure.
Let's
see
what
happened
here.
B
B
B
B
E
B
E
B
G
G
F
C
E
Think
we
should
take
it
as
an
action
item
acing
to
to
make
sure
it's
on
the
production
instance
and
then,
like
you,
can
move
on
to
the
next
steps.
For
those
he's,
a
good
thinking,
yeah.
B
F
Look
like
flinging
the
before
skip
skip
script
failed
in
there
where
it
was
trying
to
create
a
directory.
You
know
we
don't
necessarily
need
to
troubleshoot
it
live,
but
just
as
an
FYI
on
line,
29
I
think
that
maybe
we're
done
review
something
there,
but
anyway,
they're
not
line
29
of
the
file
line.
29
of
the
output
like
I,
think
that's
where
the
issue
is
cuz
I
think
it
goes
to
create
that
folder
and
then
it
tries
to
upload
the
artifacts
and
then.
B
F
B
C
B
F
B
So
here
before
I
moved
on
from
here,
I
wanted
to
show
we're
seeing
licenses
and
this
pipeline
apart.
We
can
see
container
scanning
results,
we
can
see
results
and
see.
Scanning
won't
show
up
because
Oh
interesting
and
we
can
see
SAS
as
well
and
once
we
merge
it
will
also
be
able
to
see
it
here
right
now.
It's
still
empty,
nothing
is
showing
it's
configured
since
we
haven't
merged,
set
Richard
Quest
right.
B
B
D
C
C
F
I
know
it's
not
really
scoped
to
this.
This
particular
demo,
but
for
future
iterations
I
think
a
good
addition
down
the
road
would
be
to
have
and
to
introduce
Moulton
alone
err
ability
for
each
of
the
scanners
and
then
see
those
in
a
future.
Merge
request
to
verify
that
those
you
know
like
show
up
with
new
vulnerability
is
introduced
in
the
merge
request.
I,
don't
see
why
that
would
be
different
offline
versus
not
but-
and
you
may
already
have
tests
equivalent
to
that
in
the
automated
testing.
F
E
F
That's
on
master,
as
my
understanding
of
how
it
works
and
Nicole
can
correct
me
if
I'm
wrong,
but
and
so
instead
of
getting
a
report
with
like
fifty
or
a
hundred
or
six
hundred
vulnerabilities,
they
just
get
what
change
from
in
their
one
branch,
and
that
adds
a
ton
of
value
and
just
verifying
that
that's
working
is
is
good.
The
only
way
you
could
do
it
here
is
to
introduce
more
buildings
after
the
step.
C
And
then
just
to
be
clear,
we
have
that
part
of
the
code
is
exactly
identical
between
self-hosted
and
and
there's
been
no
changes
to
it
for
all
fly
and
all
the
changes
have
been
in
the
analyzers.
So
I
might
talk
to
fern
about
that,
because
we're
recording
a
YouTube
video
aimed
at
explaining
offline
to
customers
and
so
I
think
that
might
be
a
good
thing
to
do.
There
specifically
yeah.
F
B
In
the
interest
of
time,
I'm
gonna
refresh
this
page
to
show
now
on
the
Mr
level
or
sorry
master
level,
we're
seeing
the
licenses
and
we're
seeing
results
here
in
the
pipeline
for
master
so
container
scanning
tasks.
All
of
these
are
working,
so
I'm
gonna
go
back
and
show
now
at
the
project
level.
These
are
all
now
configured
and
see
items
on
the
license
compliant
tab.
The
dependency
list
is
not
showing
up
because
that
job
didn't
work.
But
then
here
we
can
see
here's
everything,
aggregated
I,
can
click
into
just
show
container
scanning.
B
In
dependency
scanning
is
not
showing
up
because
it's
not
working
and
if
I
go
back
to
the
project,
no
I
should
also
see
it
here.
There's
no
licenses
tab
here,
but
you
can
see
for
all
the
projects.
This
right
now
is
just
Python
pip.
Here's
everything
we
can
look
at
only
container
scanning.
We
can
look
at
dust
and
the
numbers
on
the
right
are
changing
every
time
here
we
can
look
at
sassed,
there's
only
one
and
then
dependency
scanning
subroutine.
B
E
C
E
B
Great,
so
if
that's
a
three
I'm
gonna
move
on
to
do
the
job
of
a
pin,
which
hopefully
goes
a
little
bit
quicker
since
there
are
only
three
and
maybe
I,
won't
fat-finger
anything
this
time
we'll
see
so
Java
maven,
let's
fork
it
the
same
way
that
we
did
the
previous
one
into
integration
test
for
21.
Oh.
B
B
B
Great
and
so
to
start
the
same
way,
I
did
before.
Let's
show
the
security
dashboard,
something
nothing
is
configured
so
we're
starting
from
scratch.
Here
all
right,
I
will
start
with
the
new
file
get
lab
CI.
So
first
up
is
dependency
scanning,
we'll
see
if
it
works
here.
Oh
No
first
up
is
the
check
air-gap
job.
Let
me
do
that
very
quickly.
This
is
the
same
job
that
we've
used
in
other
spots
as
well.
C
C
B
B
B
Ci
registry
analyzers
Clare
and
our
Clare
we're
using
latest
for
that
one.
So
our
location
is
here:
CI
registry,
analyzers,
Clare
to
be,
and
then
same
as
before.
We
need
to
follow
this
note.
We
must
set
docker
and
secure
true
in
this
container
scanning
job,
and
the
last
thing
we
need
for
container
scanning
is
to
add
a
docker
file.
So
this
time
around
we'll
use
web
goat
rather
than
the
dvwa
just
to
get
a
different
set
of
results
in
and
let's
see
how
that
goes.
B
And
so
again,
here
I
don't
have
Sasser
desk
he's
always
been
able
to
get
those
fully
set
up
here
in
time
for
the
demo,
but
they
have.
The
three
scanner
should
hopefully
work
we'll
see
if
dependency
scanning
works
here,
where
it
didn't
and
Python
pip.
Are
there
any
questions
specific
to
Java
maven
that
I
can
answer?
While
we
wait
for
the
pipeline.
E
B
E
If
Olivia
were
here
is
gonna
say
that
amazing
job
gonna
finish:
first
cuz
we
made
it
faster.
C
Start
up
so
my
husband
was
playing
the
Indiana
Jones,
like
8-bit
video
game
from
like
the
1990s
and
still
could
remember
by
muscle
memory
how
to
beat
all
the
puzzles
and
the
tie
field
on
Super
Mario.
Like
you
put
me
down,
I,
have
my
original
NES
and
so
where'd.
She
put
me
down.
The
music
starts.
Playing
I
can
be
not
paying
attention
and
just
do.
C
B
B
F
F
C
B
B
B
F
No
I
was
just
kind
of
asking
out
of
curiosity,
because
the
last
time
I
like
worked
in
a
quality
group
like
was
not
as
sophisticated
as
what
we
do
here
at
kiss.
B
E
All
I
was
gonna
say
that
we
can.
You
can
probably
do
all
that
two-way.
So
one
is
the
long
term
regression,
automation
that
Tanja
and
team
are
being
I
think
this
is
good
feedback
to
the
next
time.
We
do
demos
where
we
probably
want
to
server
it
out
into
like
set
up.
If
setup
is
great,
then
we
can
just
jump
onto
the
next
steps
and
have
that
automated.
So
you
don't
have
like
one
true
set
up
again
just
jump
through
right.
B
F
F
Like
oh
I,
guess
it
has
the
more
information
links
already
I
was
just
thinking.
I
don't
know,
I
was
thinking
like
if
it
was
not
yet
configured
that
there'd
be
a
link
there.
Something
like
that
to
show
you
how
to
configure
it
or
something
but
I,
guess
the
more
info.
B
And
then
I
know
we're
putting
up
at
time
allocated
for
the
demo
as
soon
as
this
is
done,
I
should
be
able
to
show
pretty
quickly
the
project
level
dashboard
here
and
then
the
group
level
that
has
both
projects
and
negated
together
should
be
able
to
wrap
up
on
time.
Let's
see
we
loose
license
kidding
Joker
is
up.
D
B
D
C
C
B
B
G
B
Okay,
so
job
succeeded.
Let
me
quickly
show
the
pipeline
licenses
pipelines
security
tab.
We
should
be
able
to
see
container
scanning.
There
will
be
nothing
for
dust
dependency
scanning,
nothing
and
sassed.
Nothing
perfect,
so
coming
here,
I
already
showed
the
configuration
that
these
three
are
configured
we're
seeing
licenses
unknown.