►
From YouTube: Dependency Scanning Live Demo
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
Thanks
Todd,
so
let's
get
started.
This
is
a
score
card.
We
will
be
focusing
on
today,
so
the
Pennsy
scanning
has
been
already
validated
to
some
levels
in
the
previously.
In
the
previous
demos,
we
will
focus
today
on
validating
each
of
the
supported
languages.
We
still
have
two
or
three
that
are
not
yet
testable,
but
hopefully
this
will
be
some
in
the
end
of
the
week
or
maybe
next
week.
So
we
are
in
a
pretty
good
shape
and
will
demonstrate
that
quickly
just
to
go
through
the
previous
step.
B
B
There
was
also
a
full
twitter's
test
specific
to
okay.
So
this
is
just
a
reminder
that
all
of
this
substeps
result
might
impact
this
one.
If,
for
example,
one
of
those
languages
cannot
run
cannot
be
configured,
this
can
be
a
five
and
Step
three.
We
had
an
issue
where
we
needed
to
rebase,
but
this
is
not
specific
to
the
air-gap
instance
actually
unrelated
to
our
topic
here,
and
there
are
pipelines,
fear
which
I'll
expected
for
a
title.
B
Yes,
we
will
demonstrate
that
it
has
been
fixed,
but
again,
this
is
not
specific
to
the
step
three
and
the
preference
concerns
are
also
not
specific
here.
So
I
would
just
consider
that
we
don't
need
to
really
do
the
full
step,
but
it
still
making
sure
that
all
the
languages
are
supported.
Unless
someone
is
against
that.
B
All
right
and
first
at
4:00,
which
is
about
showing
results.
This
is
again
depending
on
having
a
five
on
all
the
others
before
putting
a
five
here,
so
another
request
was
to
make
sure
we
can
see
some
vulnerability
being
reported
by
the
severity
different
than
unknown.
This
would
be
the
case
for
some
of
the
example
there,
but
just
as
a
reminder,
some
of
those
languages
are
only
supported
with
the
gymnasium
analyzer,
which
doesn't
provide
that
information.
B
Yet
there
is
a
painting
issue
in
terms
of
ten,
but
as
a
stretch
goal
that
will
allow
that
so
maybe
twelve
thirty
not
all
will
be
able
to
provide
the
information
for
all
the
languages
when
your
underlings
can
you're
provided
for.
Obviously
so
with
that,
let's
get
started
with
support
for
Java
maven,
so
in
the
case
of
Java,
meaning
we
do
leverage
the
system
admin
repository
which
is
built
in
within
gitlab.
B
This
is
a
fact.
This
is
a
feature,
and
this
is
a
project
that
doesn't
work
apparently
now
that
link.
This
is
supposed
to
link
to
DM
documentation.
Sorry
about
this,
so
we
have
the
gift-wrap
maven
repository,
which
is
a
feature
that
has
been
shipped
for
quite
some
time
now:
element
3,
which
allows
us
to
store,
maybe
packages.
So
we
will
leverage
this
one
and
we
already
have
put
some
dependencies
there.
So
I
will
go
ahead
and
use
this
template
project
and
thought.
B
Okay
and
again,
this
is
a
quick
workaround
but
I'm
just
breaking
the
fork
relationship
so
that
when
I'm
creating
an
image
requests,
it
doesn't
know
penny
for
the
original
project
and
invite
to
stay
into
this
one
okay.
So
we
have
this
basket
Java
maven
project.
There
is
a
poem
XML
file
here
which
defined
this
dependency,
which
is
a
Christian
package
that
we
have
applauded
to
another
project
within
the
Key
Club
instance.
I
could
another
project
package
registry.
B
We
have
the
specific
it
lab
settings
that
specify
that
it
has
to
fetch
its
maven
dependencies
from
this
repository,
which
is
again
provided
by
this
environment
variable,
which
gives
this
instance
URL
for
the
API,
which
will
basically
translate
to
that
domain.
Plus
/ap
is
94
before
so
will
start
and
configure
the
gap.
Oops.
Sorry
the
wrong
line,
we're
here.
We
have
configure
the
dependency
scanning
feature
with
the
offline
environment,
so
I'm
leveraging
this
knee
pads
again
because
of
the
communication
is
not
fully
written.
Yet
I
am
just
copy
pasting.
B
This
so
we
are
including
the
vendor
template
here
and
overwriting,
some
of
the
configuration
or
the
purpose
of
supporting
this
offline
environment.
So
we
are
disabling
the
darker
in
doctor
mode,
because
the
conductor
model
using
an
orchestration
layer
they
want
to
get
rid
of
and
for
the
offline
environment.
We
only
pro
only
provide
the
support
for
the
non
docker
in
the
current
web.
B
This
is
where
we
put
the
docker
images
that
we
fetched
from
the
github.com
registry
and
inject
it
into
the
air
gap
environment
by
whatever
means
the
customer
is
using
to
inject
that
into
that
environment.
These
are
specific
settings
for
another
analyzer
that
I
don't
need
here,
because
it's
a
specific
raw
JavaScript.
B
This
one
is
for
the
gymnasium
analyzer,
which
is
the
one
we
use
for
maven,
so
I'm
them
and
there's
one
for
sorry.
I
want
to
show
with
my
mouse
leisure,
so
this
is
specific
to
Bernadette
for
Ruby.
This
is
specific
for
JavaScript,
so
I
plus
committing
at
this
out,
and
this
is
specific
to
Jimmy's
analyzer
and
so
for
all
the
supported
languages.
This
is
specifying
that
we
want
the
tea
medium
analyzer
to
leverage
this
database,
which
is
one
of
the
requirement
that
you
need
to
inject
into
your
agate
environment.
B
In
this
case,
this
is
a
github
repository
that
we've
put
into
a
dedicated
project
again
on
that
target
instance.
So
you
clone
that
repertory
and
push
it
into
your
instance
and
then
tell
the
Jainism
analyzer
to
leverage
it.
The
get
SSM
know
verified
option
is
to
make
sure
that
with
self
signed
certificate
you
can
still
clone
that
repository,
because
we
don't
yet
have
a
support
for
this.
So
this
is
a
workaround
that
has
been
told
as
acceptable
for
MDC.
B
The
next
thing
is
specific
to
maven,
so
we'll
keep
that
one
it's.
It
is
a
rewriting
the
dedicated
job.
We
have
for
maven
support
to
explain
this
further.
This
is
the
vendor
template
for
the
Pennsy
scanning.
It
was
originally
made
of
this.
Only
job
which
is
called
dependency
scanning,
which
is
the
darker
and
darker
version,
with
your
creation
layer,
spinning
up
new
sub
containers
for
each
languages,
we're
getting
away
from
that.
So
instead
we
have
all
of
those
specific
jobs
that
have
been
defined
here
for
each
analyzer
and
languages.
B
So
for
the
case
of
supporting
Java
it's
kind
of
project,
we
have
this
specific
job
using
the
specific
analyzer
image.
So
we
are
overriding
this
specific
job
here
to
tell
to
use
this
specific
image,
which
again
is
an
image
that
has
been
made
available
within
that
instance.
If
I'm
looking
at
that
project
ready
package
registry,
sorry
container
registry,
we
can
see
that
the
docker
image
is
available.
Here
we
have
multiple
tags,
and
here
we
are
using
this
specific
one
and
the
reason
he
is
that
this
is
a
specific
image.
B
I'm
baiting,
an
ongoing
fix
for
for
gymnasium
support.
There
is
a
link
here,
so
this
is
a
custom
image
based
on
this
request
back
fix,
because
gymnasium
maven
was
leveraging
some
runtime
dependencies
installed
on
the
fly.
I
want
to
get
rid
of
this,
so
this
mesh
request
is
embedding
that
information
into
the
docker
image.
Instead,
this
is
still
being
reviewed,
but
I'm
good
I'm,
going
way,
because
it's
working
and
we'll
show
that
quickly
and
then
we
have
to
override
some
maven
July
options.
B
Access
for
debug.
This
is
for
specifying
the
specific
github
settings
XML
file,
and
this
are
for
disabling
the
excessive
checks.
Again,
this
is
the
workaround.
Until
we
have
a
clean
support
for
custom
certificates,
then
we
are
in
leveraging
this
variable
to
override
to
specify
a
dedicated
branch
of
the
gymnasium
DB
repository.
The
reason
why
we're
doing
this
here
is
because
the
project
that
we
are
using
is
having
a
dependency.
B
That
is
a
custom
one
that
is
not
a
public
dispense,
ease,
we've
done
the
remedies,
so
what
we
did
here
is
we
create
a
dedicated
branch
with
our
database
and
specifically
added
a
new
non
vulnerability
that
is
fake
for
the
super
pros
about
this
package.
So
we
tell
that
we
say
that
I
know
that
our
database,
we
have
a
CD
fake
number
here.
That
impacts
this
package,
and
this
is
what
the
gymnasium
analyzer
will
leverage
to
report
here:
the
verities
for
this
specific
project.
Again,
this
is
just
for
the
purpose
of
the
demo.
B
In
the
real
example,
we
will
have
other
real
dependencies
with
real
vulnerabilities,
but
it's
quite
difficult
yet
to
applaud
the
chance
of
dependency
into
the
system.
It
may
be
a
good
memory
depository.
So
this
is
just
a
shortcut,
but
if
you
need
to
have
a
more
realistic
approach
contest,
we
can
spend
some
more
time
to
use
real
packages
and
the
last
one
is
for
Python.
So
I
will
just
comment
this
out,
and
then
we
have
the
check
and
gave
job,
which
is
just
our
our
testing
that
verifies.
We
cannot
reach
github.com
registry
within
this
instance.
B
Which
I
can
get
is
enraging
and
now
P
an
image
that
we
inject
into
the
a
gap,
environment
and
we'll
do
the
W
gate
command,
and
here
we
are
reading
this
custome
made
that
we
mentioned
earlier,
and
this
is
running.
I
will
just
kill
the
gory
details,
but
it's
succeeding
and
the
check
air
gap
will
fail
to
connect
and
will
succeed
too.
B
Right
sixes,
so
I,
just
reload
here
and
I
know
how
this
to
create
the
time
available,
showing
the
favorability
is
that
we
added
to
the
database,
which
is
specifying
that
it
is
impacting
that
project
with
those
fixed
identifiers,
then
some
fake
links
again.
This
average
is
an
unknown
because
this
is
coming
from
Jainism,
but
this
is
exactly
the
same
behavior
as
we
will
have
with
real
dependencies
then
on
the
murder
course
we
have
the
merge
request,
which
said
that
tell
we
have
detected
vulnerability
for
the
source
branch.
Only.
B
The
reason
is
that
we
don't
have
any
report
from
the
master
branch.
You
should
check
the
configuration
page.
You
can
see
that
dependency
scanning
is
considered
as
not
yet
configured
because
there
there
are
no
pipeline.
The
master
branch
I
think
around
the
dependency
scanning
job
dependence
list
is
empty
for
the
same
reason
and
the
security
guard
well
again,
for
the
same
reason
from
this
I
can
see
the
same.
Information
and
I
will
just
merge
it.
So
that's.
It
now
runs
on
the
master
branch
and
go
feel
the
dashboards
configuration
page
and
the
dependency
list.
B
Sorry
I
can
show
the
configuration
page.
We
should
not
tell
that
we
have
dependencies,
can
configure
Rhodes
yep
so
here
and
then
the
dependence
list
has
been
fed
with
one
component
and
one
variable
component
with
this
and
gravity,
and
the
dashboard
should
show
it
to
yep.
Here
we
are
so
again
from
here.
You
have
the
solution
to
many:
we've
created
the
next
version
and
create
an
issue:
dismissed,
extract,
strap
and
the
pipeline
was
successful
because
everything
was
fed
into
dashboard
alright.
D
B
All
right
so
we're
going
to
think
Swan
that
might
be
a
bit
boring,
we'll
redo
the
same
thing
again
and
again
for
all
of
the
others,
but
I
would
explain
less
because
I
already
know
a
lot
about
the
process.
This
is
for
JavaScript
with
NPM.
We
are
using
the
custom
NPM
registry,
which
is
based
on
the
verge
SEO
software.
B
B
We
have
this
dedicated
project
here,
which
is
a
simple
JavaScript
project
with
some
dependencies.
Just
one
I've
had
I.
Remember
yes,
just
one
DT
here
and
it's
continued
with
this
docking
PM
RC
file
to
tell
and
p.m.
to
go
fetch
the
dependency
from
that
custom
registry,
which
is
our
internal
one
and
disable
SSL
check
again,
because
we
don't
have
full
support
for
instead
of
signing
certificates
so
back
to
the
same
workflow
I
will
just
for
this
one
and
I.
Don't
remember
how
many
times
I've
done
that
process.
B
So
high
off
this
project,
now
14
to
my
own
dedicated
project,
I
will
just
open
the
web
IDE
and
do
the
same
configuration
here,
adding
a
new,
a
CLABSI
IML
file
pasting.
This
I
still
need
the
same
base.
Variable
I
will
keep
those
ones,
because
this
is
a
JavaScript
project.
I
will
keep
changing
because
the
museum
is
also
supporting
those
projects
and
I
will
disable
the
rest
because
it
doesn't
matter
here
for
the
part
of
the
demo.
I
will
just
let
it
this
way.
I
will
see
that
it's
actually
failing.
B
The
retire
one
is
using
the
specific
image,
and,
as
mentioned,
this
is
a
problem
we
had
in
the
first
demo
and
it's
failing
because
it
tries
to
reach
out
to
this
URL
to
get
it's
a
private
databases
that
we
objected
into
the
aggregate
stands,
but
due
to
excessive
check
failure
that
the
job
is
failing
here
and
14
museum
it's
working
successfully.
So
what
we've
done
since
then
is
we
have
created
the
retailer
just
neither
to
provide
a
new
options.
C
B
But
we
could
go
directly
to
the
better
option,
because
here
we
have
support
officially
tested
and
working,
which
is
removing
this
and
it's
Ted
configuring
the
project.
Sorry,
we
have
this
variable,
so
this
is
something
that
is
currently
being
tested
for
each
scanners.
It
has
already
been
shifted
to
209
forever
correctly,
but
we
have
some
bugs
with
the
supports,
so
this
is
a
way
to
provide
custom
theater
bundle.
B
This
is
a
certificate
from
four
of
this
game
instance,
so
I'm,
just
putting
that
into
an
environment
variable
into
the
project
configuration
and
by
setting
this
I
could
not
rerun
this
job
with
the
insecure
being
disabled,
but
first
showing
that
insecure
mode
is
actually
working
now
and
if
I
go
to
the
pipeline.
I
know
how
the
Security
tab,
showing
the
nerve
those
are
abilities.
B
It's
not
fair
because
most
of
the
facility
relies
on
scanning
a
static
lock
file
instead
of
having
to
fetch
external
things.
So,
and
here
we
just
have
few
dependencies,
so
it's
very
faster
to
install
them.
So
here
it's
working
again,
but
this
time
it's
ruining
the
chat
educate
and
we
have
so
the
reports
available
in
the
security
tab
the
same
way
and
in
the
Ameriquest
widget,
which
again
should
have
this
issue
that
it's
fail.
If
the
pipeline
is
not
fully
complete,
so
I'm
reloading
now,
and
it
should
load
correctly.
B
All
right,
so
we
have
the
four
dependencies
here
again
same
sets
of
information
available.
Well,
this
car
one
is
coming
from
retired
years,
which
doesn't
provide
solutions.
Those
ones
are
coming
from
Tunisia
which
provide
solutions
so
kudos
for
ourselves,
I'm
going
to
merge
that
one
so
that
the
trends
on
digi
foot
branch
now
Oh.
D
B
What
I'm
doing
here
would
be
available
to
it
in
terms
of
ten
okay,
so
the
way
we
implemented,
that
was
in
a
generic
way
that
should
work
out
of
the
box,
but
due
to
some
specific
usage
of
certificates,
depending
on
some
tools
to
the
underlying
tools
that
we
are
using.
We
are
facing
some
issues
and
we
need
to
adapt
the
tools
to
end
all
that
in
different
ways.
So,
thanks
to
the
great
engineers
we
have
in
the
team,
they
already
fix
that
for
for
some
other
other
tools
so
and.
D
B
D
D
B
So
we
know
how
the
pipeline
running
done
on
the
master
branch,
so
we
should
have
the
configuration
the
dependence,
distance
security
dashboard
showing
that,
yes,
it
is
configured
now
we
have
one
component
reaches
renewables,
showing
the
treatment
of
it
is
again.
This
is
a
non-issue
only.
The
vulnerabilities
coming
from
the
jainism
analyzer
I've
been
shown
into
this
dependency
list
page,
and
we
have
an
open
issue.
This
is
not
specific
to
the
offline
environment.
B
This
is
a
generic
issue
and
the
security
dashboard
which
is
now
fed
with
what
being
reported
on
the
therefore
branch
again,
the
same
form
you
know
be,
it
is
I
didn't
show
that
for
the
Krebs
man
again,
the
dis
means
create
issue.
All
those
features
are
really
changing,
so
once
you
can
see
them
into
that
dashboard,
it
should
work
seamlessly.
I
say
should
because
well.
B
B
So
yeah
we
are
skipping,
I
didn't
mention
that
sorry,
we
are
skipping
Redl
not
available.
Yet
we
have
to
improve
the
testing
and
we
have
some
challenging
challenges
we
are
facing
with
it
right
now,
so
not
not
available
next
one
which
is
NPA
JavaScript
with
yarn.
So
yan
is
a
different
package
manager
for
JavaScript
project.
B
B
Okay,
so
we
are
testing
JavaScript,
so
we
still
need
these
two
ones.
I
will
go
ahead
and
and
check
with
the
the
certificate
version
directly,
because
this
is
the
most
expected
way.
If
you
have
a
custom
certificate,
I
still
it
gymnasium
to
be
set
up,
I
don't
need
Bandler
to
be
set
up.
I
don't
need
those
two
extra
authorized
here
so
commenting
out
this
I
will
not
run
the
job
immediately.
B
So
we're
still
at
the
two-tier
annihilate
any
German
retailers
which
are
the
two
analyzer
for
this
language
as
following
the
exact
same
process,
then
for
the
NPM
project,
but
will
leverage
slightly
different
logic
when
it
comes
to
Daan's
telling
the
dependencies
and
when
it
comes
to
I'm.
Looking
at
the
the
manifest
file.
So
here
you
can
see
that
it's
using
yarn
to
install
the
dependencies
fetching
the
custom
recharges,
the
v3
database
and
concluding
with
success,
and
here
we
have
the
same
with
gymnasium.
So
it's
working
for
both
of
them.
B
B
We
are
loading
our
still
because
of
this
running
a
gap-
job
okay,
successful
now,
so
it's
really
load
correctly,
and
we
are
done
here:
okay,
merging
showing
configuration
page
showing
dependency.
The
configuration
page
take
configure
because
it's
already
cut
so
come
to
the
latest
by
playing
on
master
codes.
The
latest
my
plan
on
master
the
difference
this
is
empty
because
of
the
pipeline
is
that
completed
and
the
security
bodies
and
true
from
the
same
reason.
So,
let's
watch
the
pipeline
under
the
branch.
B
D
This
is
an
unrelated
question,
but
since
we
have
a
second
I'm
curious,
so
why
do
you
fork
it
instead
of
just
making
that
first
project
a
template
and
then
just
bring
in
your
project
using
the
template?
Because.
B
The
import
feature
is
kind
of
broken
means
it's
negative
instance.
I,
don't
know
why
exactly?
And
we
didn't
have
time
to
investigate
on
that.
So
we
basically
go
with
this
workaround
of
fork
and
remove
the
fork
relationship
to
avoid
creating
merge
request
in
the
template
project,
but
ideally
just
an
input.
Actions
would
be
later,
but
yeah.
B
B
C
B
Php
doesn't
require
any
specific
custom
registry,
because
the
way
we
are
doing
the
analysis,
we
will
need
liberate
the
log
file
to
manifest
file.
So
we
don't
need
to
install
any
dependencies,
so
even
if
it
is
already
existing
into
the
offline
environment
of
the
customer,
we
don't
nourish
it.
So
there
is
no
much
more
configuration
to
to
add
for
our
final
writing
here.
So
this
is
a
PHP
composer
fire.
So
we
have
the
composite
of
JSON
and
the
composite
of
log
file,
which
tells
what
are
the
exact
dependency
is
being
used
by
that
project.
A
B
Alright,
alright,
we'll
open
the
web
IDE
and
configure
that,
so
it
should
be
the
same
template
we
are
here,
creating
a
comm
file.
I
can
disable
I
should
have
disabled
them
by
default.
That
could
have
been
more
Ionian
is
indifference?
Is
killing
our
Python
I?
Don't
need
further
edits.
Custom
settings
I
just
need
the
gymnasium
specific
settings
by
the
way
of
communities
I'm
out,
but
I
could
just
leave
them
that
wouldn't
hurt.
I
would
do
that
for
the
next
ones
was
just
for
the
to
show
you
what
are
the
relevant
ones.
B
So
this
could
be
ng,
because
if
a
customer
has
a
lot
of
different
project,
it
might
be
a
bit
boring
to
go
to
all
the
project
and
all
right
this
way.
So
this
may
be
something
we
should
put
into
the
documentation
where
we
mentioned
that
to
some
customers
is
what
they
can
do
is
create
one
unique
gift:
API
you'll
fly
in
the
project
into
their
instance.
Put
all
of
that
configuration
there
and
then
in
each
of
the
project.
They
they
say
to
include
that
specific
one
which
is
faster.
D
Yeah,
but
by
the
way
one
of
my
customers
is
actually
doing
it
that
way
for
the
one
that
has
done
some
workarounds
to
get
so
we
have
things
working
like
several.
You
know
several
months
ago,
but
yeah.
It
would
be
not
bad
to
have
that.
A
mention
of
that
and
a
link
to
how
to
do
that.
You
know
on
that
main
page
that
Nicole
did
for
just
general
air-gap
I
think
it
would
be
a
good
idea
and,
like
you
reminding
people,
they
can
create
an
instance
level
template
they
can
be
included
well.
B
I
think
we
have
ongoing
issue
to
discuss
how
to
improve
that,
because
there
are
a
lot
of
things
that
we
can
put
into
mega.
Dedicated
template,
dedicated
template
for
offline
environments.
We
are
who
have
a
discussion
around
this,
but
and
some
other
configuration
can
be
pest
relevant
viable.
So
if
you
manage
to
find
a
way
to
put
everything
into
a
very
valuable,
then
we
need
no
file.
They
would
just
have
like
coca-cola,
it's
just
little
valuable,
which
will
be
maybe
easier
but
anyway,
post
embassy.
B
So
this
job
14
medium
is
successful.
So
we
can
look
at
the
pipeline
and
Security
tab.
We
have
a
punch,
often
repeat,
he's
being
reported
there
again
all
unknown
because
it's
coming
from
Tunisia,
but
there
is
a
solution
and
a
lot
of
other
media
that
are
available
and
in
the
merge
request
widget.
We
also
have
that
is
available
here.
B
B
So
check
a
gap,
quick,
quick,
no
gymnasium
is
faster
than
Chicago.
That's
awesome.
D
B
Good
cool,
so
no,
let's
enter
the
Python
world.
No
I
will
skip
how
we
go
back
to
this
one,
because
Python
need
some
more
explanations.
I
will
keep
to
the
Ruby
one
again.
This
one
is
super
easy
because
we
don't
need
to
setup
any
custom
registries.
This
is
also
relying
on
scanning
the
log
file
which
is
shipped
within
the
project
itself.
So
we
have
the
gem
file
until
5
o'clock,
which
is
a
way
of
the
main
one
we
are
leveraging
here.
So
I
will
for
it.
B
The
way
my
de
could
be
passed,
the
configuration
into
a
newbie
class
yeah
mm
file,
so
here
we
don't
care
every
time.
I
choose
settings,
but
I
said
I
would
like
them
just
to
make
sure
that
it
doesn't
have
any
impact.
We
need
the
gymnasium
one.
We
need
also
this
vendor
audit
specific
stuff,
because
this
one
Ruby
so
for
this
kind
of
project
we
will
have
gymnasium
and
boudreau
didn't
either
running.
This
is
just
telling
the
an
either
to
fight
the
database
into
this
custom
location.
B
B
B
A
C
C
B
Alright,
so
until
you
get
that
answer,
we
can
look
at
the
pipeline
because
it
is
not
completed
and
oh,
we
have
some
high
engagement
already
this
year,
so
this
one's
the
ones
are
coming
from
the
Panzer
elite
tool
and
this
one's
coming
from
the
genius
on
tool
again,
for
the
same
reasons,
we
don't
have
any
authority
available
right
now
and
showing
beat
Matt
request.
We
Chet.
We
are
the
same
information
available
here
so
merging
this,
showing.
D
B
B
D
I
ask
a
quick
question
before
you
leave
the
page,
and
this
is
unrelated
to
the
air
gap,
so
I
apologize,
but
how
come
we
don't
summarize
the
unknowns
at
that
same
level?
There
is
that
something
that
we're
gonna
do
in
the
future.
Obviously
a
second
he
says
nothing
to
do
with
air
got
nothing
to
do
with
this
demo
curious.
B
We
did
debate
a
lot
on
this
one.
We
also
had
an
unknown
and
and
define
we
are
emerging
and
defined
and
unknown.
So
you
will
also
only
afternoon
it's
already
shipped
I,
think
or
it's
gone
green,
but
there
is
an
open
issue,
I
think,
to
reintroduce
the
another
one
but
feel
free
to
just
cuz.
That's
really
bad.
Okay,.
B
B
Alright,
so
I'm
going
to
go
and
I
think
I
didn't
just
go,
did
I
I,
don't
remember
so
the
go
one
also
doesn't
require.
I
will
just
read
that
it
doesn't
require
any
custom
repository
because
we
are
using
the
log
file
again,
so
the
log
file.
This
is
only
for
gum
modules
by
the
way
go
language
comes
with
a
plethora
of
different
package
managers
that
were
created
over
time
and
now
the
official
one
is
gone,
modules,
yearning
go
mode
and
goes
some
files.
This
is
the
one
that
we
are
currently
supporting
for
dependency
scanning.
D
D
B
Yeah,
all
of
these
little
jobs
are
getting
triggered
based
on
this
rule,
which
is
asking
to
the
project
repository
language
variable
to
contain
those
following
those
following
values.
This
is
currently
under
some
debates,
because
this
look,
the
teachin
logic,
is
a
slightly
different
from
what
we
are
into
the
talking
doctor
mode
with
York
restoration
layer.
It's
it's
simplistic
and
it's
relying
on
something
that
only
be
updated
when
you're
pushing
new
files
on
the
master
branch
of
the
different
branch.
So
this
can
be
some
drawbacks.
There
are
open
issues
we
can
link
them
after.
B
So
gymnasium
working
with
the
co
project,
nothing
specific
to
mention
here,
except
that
it's
leveraging
this
custom
database
that
we
injected
into
the
egg
app
instance
and
reloading
I
should
know
how
much
requests
you
would
go
to
the
pipeline
you
to
buy
to
quit
on
the
security
tab.
We
have
those
three
different
abilities
reported
on
the
course
and
file,
which
is
the
manifest
file
for
for
the
group
package
manager
go
modules,
package
managers
and
we
have
the
information
available
here
to
under
met,
request,
widgets,
so
merging
is
showing
the
configuration
page.
B
Alright,
so
reloading
the
dependency
list,
we
should
now
have
the
list
of
components
and
the
venerable
ones
here
and
looking
at
the
dashboard
reloading
I
have
the
three
abilities
display
there,
and
this
is
closing
support
for,
go
and
will
also
studied
that
ask
allies
not
yet
available
for
some
other
reasons
like
a
lot
of
stuff
to
bundle
with,
in
the
end
the
image
of
the
analyzer.
So
this
is
being
addressed
all
right.
It's
52!
We
have
three
minutes.
I
can
start
to
demo
Python
or
do
you
want
to
delay
Zeus?
B
B
So
I
just
started
with
the
Python
people
on
copying
the
claps
yeah
llamo.
So
in
this
case
we
need
this
one.
So
we
are
overriding
the
the
jainism
python
job
and
adding
the
speech
this
before
script.
This
is
something
we
are
trying
to
look
to
improve
so
that
we
don't
have
to
add
this
additional
step
here,
but
for
now
we
need
it.
B
So
for
the
case
of
Python,
we
need
to
install
to
get
access
to
the
dependencies,
at
least
for
people.
People
I
think
we
not.
We
need
it
back,
so
we're
using
the
custom
peep-peep
IP
registry,
which
is
again
available
on
this
different
VM,
which
has
a
new
grateful
to
be
reachable
from
the
arm.
I
get
instance,
and
we
are
the
list
of
packages
that
have
been
installed
into
that
instance.
Here.
B
B
So,
as
you
can
see,
it's
taking
a
bit
more
time,
50
seconds
here,
because
it's
not
as
static
as
for
the
other
languages.
So
we
now
have
this
information
available
in
the
pipeline
tab
and
the
Security
tab.
Again,
there
are
all
unknown
because
they're
coming
from
the
gymnasium
tool,
we
have
those
available
here
too
I
didn't
mention
that
specifically
began
all
of
the
links.
All
the
metadata
that
get
links
here
to
external
website
may
not
be
available
or
may
be
available,
depending
on
how
the
network
is
configured
for
the
Yost's.
C
B
So
we
are
good
for
pip,
yeah
cool,
so
Python
people
another
way
to
be
honest,
the
simplest
way
to
set
up
Python
dependency,
so
it's
liberating
to
five
people
filing
to
find
out
lock,
and
it's
shielding
also
the
specific
people
to
tell
to
fetch
the
dependencies
from
this
custom
registry
here
and
to
trust
it.
It's
like
disabling
this
as
a
check.
It's
just
that
it's
manually
telling
to
trust
it.
So
again,
this
might
be
improved
if
a
custom
self
signed
certificate
and
I
lost.
My.
B
Jamaican
Python
job
so,
as
you
may
have
seen,
sometimes
we
have
a
gymnasium
job
sometime.
We
have
seen
in
Python
job,
so
gymnasium
is
ending
a
lot
of
different
languages
that
are
but
I'm
constat
ik,
which
just
rely
on
passing
a
static
file
in
the
repo
and
for
some
languages
like
genuine
Python
and
gypsum
maven.
We
need
to
do
some
more
logic
to
install
the
dependencies,
and
this
is
why
we
have
separate
analyzer
for
those
two
languages,
so
it's
working
there
and
showing
that
oh.
B
It's
not
finished
come
on
check
our
gap,
alright,
so
on
the
pipeline,
do
we
have
this
to
another
in
abilities,
coming
from
the
chain
engine
to
a
denominator
and
reloading
the
mate
requests?
We
know
this
in
the
widgets,
so
we
can
merge
them
and
go
back.
Look
at
this
pitch
is
it's
not
shown?
That's
come
cured
and
we'll
wait
for
the
pipeline
to
run
to
the
the
crazy
dashboard
on
different
cities
filled
with
data
and
we
lost
giving.
C
F
At
our
previous
company
mechana
used
to
work
with
this
managing
a
Vulcan
who
is
great
and
he
had
an
interesting
grading
style.
He
would
someone
demo
their
stuff
he'd,
be
like
great
job,
everybody
d-,
and
then
it
says
it
was
always
like
this
really
nice
compliment
and
like
d,
all
right,
f,
+,
ya,
good
under
the
next
one
Maggie's
doing
his
best
not
to
channel
both.
Then.
B
B
B
B
Alright,
so
we
might,
we
have
several
issues
with
Python
because
of
the
overlapping
between
depends
is
getting
unlicensed
compliance
when
it
comes
to
pythons
reports,
even
if
the
same
project,
we
have
some
kind
of
different
requirements
between
the
two
features,
so
this
is
why
it
makes
it
a
bit
harder
to
to
to
test,
but
thanks
a
lot.
You
go
for
the
great
stuff
you've
done
yesterday
and
we've
been
able
to
demonstrate
a
lot
today,
thanks
to
your
work.
So
thank
you
again.
It.