24 Jul 2023
Description of the left nav for security findings using a test project against a production instance of GitLab
- 4 participants
- 23 minutes
1 Jun 2023
Staff Engineer Lucas Charles does a quick demo of the new GitLab 16.1 feature to specify a shared SAST custom ruleset configuration
- Documentation https://docs.gitlab.com/ee/user/application_security/sast/customize_rulesets.html#specify-a-remote-configuration-file
- Feature Issue https://gitlab.com/gitlab-org/gitlab/-/issues/393452/
- 1 participant
- 8 minutes
19 Apr 2023
This demo covers the changes that the Secure::Composition Analysis team is conducting as part of the continuous vulnerability scanning feature. If you'd like to learn more or track the progress of the work on Continuous Vulnerability Scanning for Dependency Scanning, see the epic below.
- Epic: https://gitlab.com/groups/gitlab-org/-/epics/9534
- 1 participant
- 4 minutes
6 Apr 2023
This demonstrates a possible workaround to configure Dependency Scanning for a Java monorepository. This approach can be replicated for Scala and Python projects, for which Dependency Scanning has similar behavior.
Related issue for feature improvement: https://gitlab.com/gitlab-org/gitlab/-/issues/393078
- 1 participant
- 6 minutes
5 Apr 2023
This video is trimmed from a demo I gave during the weekly Composition Analysis meeting. More context on the change can be found in this MR: gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/merge_requests/909
- 1 participant
- 3 minutes
4 Apr 2023
Demo of SBOM report generation in Container Scanning for Trivy-based analyzers.
This contributes to the Continuous Vulnerability Scans feature by allowing components detected in container images to be ingested.
- 1 participant
- <1 minute
30 Mar 2023
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/299212
Documentation: https://docs.gitlab.com/ee/user/application_security/secret_detection/post_processing.html
- 1 participant
- 4 minutes
22 Mar 2023
Staff Backend Engineer Lucas Charles does a quick demo of the new GitLab 15.10 feature to auto-resolve Static Analysis vulnerabilities when rules are disabled
- Release post: https://about.gitlab.com/releases/2023/03/22/gitlab-15-10-released/#automatically-resolve-sast-findings-when-rules-are-disabled
- Documentation https://docs.gitlab.com/ee/user/application_security/sast/#automatic-vulnerability-resolution
- Feature Issue https://gitlab.com/gitlab-org/gitlab/-/issues/368284
- 1 participant
- 8 minutes
13 Dec 2022
Quick demo of https://about.gitlab.com/releases/2022/11/22/gitlab-15-6-released/#beta-automatic-revocation-of-leaked-personal-access-tokens
GitLab Secret Detection finds leaked credentials in your codebase so you can revoke them and protect your organization. It detects many kinds of sensitive values, including GitLab Personal Access Tokens.
GitLab is dogfooding a new feature where Personal Access Tokens on GitLab.com are automatically revoked if Secret Detection finds them leaked on the default branch of a public repository.
If your organization is interested in participating in this open beta, please let us know using the form linked in the above release post
- 1 participant
- 6 minutes
21 Sep 2022
This is a recording of the Container Scanning Transition Sync Session meeting, where we discussed the transition of the Container Scanning feature from Govern:Security Policies to Secure:Composition Analysis.
- 3 participants
- 6 minutes
4 Jul 2022
GitLab Premium feature:
* Documentation: https://docs.gitlab.com/ee/user/group/#group-access-restriction-by-ip-address
* Feature epic: https://gitlab.com/groups/gitlab-org/-/epics/6296
- 1 participant
- 2 minutes
19 Jan 2022
In this video the presenter will demo why and how to use GitLab Source Code Management and Security Scanning capabilities with Terraform Cloud.
- 1 participant
- 22 minutes
15 Dec 2021
This video and linked pages contain information related to upcoming products, features, and functionality.
It is important to note that the information presented is for informational purposes only. Please do not rely on this information for purchasing or planning purposes.
As with all projects, the items mentioned in this video and linked pages are subject to change or delay. The development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.
Chapters:
0:00 Disclaimer
0:28 Overview
1:50 Dependency Paths
3:05 SBOM MVC
4:37 Replace Licence Finder
6:14 Automatic Remediation Bot
7:03 Unordered List 1-5
11:28 Unordered List 6-10
15:50 Unordered List 11-15
23:57 Unordered List 16-22
31:09 Disclaimer again
- 1 participant
- 32 minutes
1 Dec 2021
- 4 participants
- 23 minutes
13 Oct 2021
- 4 participants
- 12 minutes
8 Oct 2021
This video introduces Dynamic Application Security Testing (DAST) and the application security training app called WebGoat. It demonstrates what DAST is, what WebGoat looks like and how GitLab's DAST security scanner reveals vulnerabilities, in less than 15 minutes.
- 1 participant
- 14 minutes
11 Sep 2021
Secure Stage Direction - https://about.gitlab.com/direction/secure/
* SAST Direction - https://about.gitlab.com/direction/secure/static-analysis/sast/
* Secret Detection Direction - https://about.gitlab.com/direction/secure/static-analysis/secret-detection/
* DAST Direction - https://about.gitlab.com/direction/secure/dynamic-analysis/dast/
* Dependency Scanning Direction - https://about.gitlab.com/direction/secure/composition-analysis/dependency-scanning/
* Fuzz Testing Direction - https://about.gitlab.com/direction/secure/dynamic-analysis/fuzz-testing/
* Vulnerability Database Direction - https://about.gitlab.com/direction/secure/vulnerability-research/vulnerability-database/
* Vulnerability Management Direction - https://about.gitlab.com/direction/secure/vulnerability_management/
* Security Orchestration Direction - https://about.gitlab.com/direction/protect/security_orchestration/
- 5 participants
- 21 minutes
12 Aug 2021
Webinar for Commercial customers interested in using more of the GitLab Secure stage, focused on implementing the various scans and managing vulnerabilities in the dashboards and MRs. Hosted by Maxwell Power and the Commercial TAM group, this webinar covers what customers need to know to implement secure testing quickly.
- 1 participant
- 15 minutes
20 Jul 2021
- 7 participants
- 22 minutes
21 May 2021
This walkthrough will show off some of GitLab's Vulnerability Management features. You will see how both a developer and security team member can use them in their workflows while collaborating entirely inside GitLab.
0:00 Vulnerability management intro
1:09 Merge request security approvals setup
5:26 Security Dashboards
6:24 Vulnerability Report
9:02 Merge request security results
11:28 Security Center
14:37 Vulnerability details
15:30 Fixing vulnerabilities, no security approvals needed
16:53 Collaboration by creating issues from vulnerabilities
19:53 Using issue boards for vulnerability tracking
- 1 participant
- 21 minutes
14 May 2021
A discussion mostly centred around https://gitlab.com/gitlab-org/gitlab/-/issues/327141
Chat notes:
00:05:51 Lindsay Kerr - FE EM, Secure & Protect: Apologies for being late, long running 1:1. Thanks for scheduling this Olivier.
00:10:09 Thomas Woodham - Engineering Manager, Secure: https://gitlab.com/gitlab-org/gitlab/-/issues/327141#note_572714485
00:15:44 Thiago Figueiro - BE Mgr., Threat Management: https://gitlab.com/groups/gitlab-org/-/epics/5709#scope
00:28:01 Lindsay Kerr - FE EM, Secure & Protect: https://gitlab.com/gitlab-org/gitlab/-/issues/10272
00:33:43 Thiago Figueiro - BE Mgr., Threat Management: Time check
00:33:47 Thiago Figueiro - BE Mgr., Threat Management: 7 minutes
- 5 participants
- 42 minutes
29 Apr 2021
This is a video of a presentation done for the Composition Analysis group's show and tell on Criticality and Risk scores of open source dependencies.
- 3 participants
- 27 minutes
20 Apr 2021
Weekly meeting for the Secure:Threat Insights group.
Includes milestone kick-off for 13.12.
- 7 participants
- 29 minutes
13 Apr 2021
A run-through of what the experience might look like for a user when aggregated vulnerabilities are the default on DAST.
- 1 participant
- 7 minutes
31 Mar 2021
As of GitLab 13.9, you can now create Jira issues directly from vulnerability records in GitLab. See how to enable this new feature and see a quick demo of the integration.
- 1 participant
- 6 minutes
31 Mar 2021
Consistency in default behaviour of AST scanners and jobs
https://gitlab.com/groups/gitlab-org/-/epics/5334
- 5 participants
- 51 minutes
8 Mar 2021
Secure Stage Direction - https://about.gitlab.com/direction/secure/
* SAST Direction - https://about.gitlab.com/direction/secure/static-analysis/sast/
* Secret Detection Direction - https://about.gitlab.com/direction/secure/static-analysis/secret-detection/
* DAST Direction - https://about.gitlab.com/direction/secure/dynamic-analysis/dast/
* Dependency Scanning Direction - https://about.gitlab.com/direction/secure/composition-analysis/dependency-scanning/
* Fuzz Testing Direction - https://about.gitlab.com/direction/secure/fuzz-testing/fuzz-testing/
* Vulnerability Database Direction - https://about.gitlab.com/direction/secure/vulnerability-research/vulnerability-database/
* Vulnerability Management Direction - https://about.gitlab.com/direction/secure/vulnerability_management/
* Security Orchestration Direction - https://about.gitlab.com/direction/protect/security_orchestration/
- 7 participants
- 24 minutes
2 Mar 2021
- 12 participants
- 31 minutes
1 Mar 2021
PM members from Growth, Secure, and Protect discuss features and upcoming initiatives to identify new opportunities for growth experiments. Keep unlisted as this discusses some forward-looking strategic items that may not be public.
- 7 participants
- 58 minutes
16 Feb 2021
Threat Insights group weekly discussion, APAC-friendly time, 2021-02-16
- 7 participants
- 27 minutes
14 Jan 2021
Backend Engineer Lucas Charles demonstrates the use of GitLab's Static Application Security Testing support for customizing pre-packaged security rulesets, using JavaScript and the ESLint security analyzer.
- GitLab SAST docs on customizing rulesets https://docs.gitlab.com/ee/user/application_security/sast/index.html#customize-rulesets
- Customizing Rulesets epic for upcoming capabilities https://gitlab.com/groups/gitlab-org/-/epics/4179
- 1 participant
- 13 minutes
9 Dec 2020
Secure Stage Direction - https://bit.ly/2F7WBxd
* SAST Direction - https://bit.ly/31TUyWI
* Secret Detection Direction - https://bit.ly/3lPMRZq
* DAST Direction - https://bit.ly/31UrjTy
* Dependency Scanning Direction - https://bit.ly/2QTc2wc
* Fuzz Testing Direction - https://bit.ly/3lHAazQ
* Vulnerability Database Direction - https://bit.ly/353jrBi
* Vulnerability Management Direction - https://bit.ly/32U9GTk
* Security Orchestration Direction - https://bit.ly/37SaiLx
- 12 participants
- 1:05 hours
3 Dec 2020
Brainstorming session on benefits and limitations to splitting the analyzers/common library into separate modules and reducing interdependencies between GL groups
- Agenda https://docs.google.com/document/d/179JL5RzbgSIz2XZewbYn79cuX7_vUtte_TcoLwUUC5o/edit#
- Issue https://gitlab.com/gitlab-org/gitlab/-/issues/211819
- 6 participants
- 59 minutes
19 Nov 2020
Synchronous discussion to break down the work required to implement Generic Security Report Schemas per design issue https://gitlab.com/gitlab-org/gitlab/-/issues/267193
- 5 participants
- 49 minutes
15 Sep 2020
Thank you for watching this preview of the upcoming Secure & Defend Section Public Livestream on 2020-09-17!
- 3 participants
- 14 minutes
9 Sep 2020
UI/FE revisions/updates to upcoming MVC to auto-create merge request w/fixes
https://gitlab.com/gitlab-org/gitlab/-/issues/234082/
and
https://gitlab.com/gitlab-org/gitlab/-/issues/235126
- 1 participant
- 5 minutes
3 Sep 2020
This is the recording of a BrownBag presentation on introducing generic security reports in GitLab. https://gitlab.com/gitlab-org/secure/brown-bag-sessions/-/issues/35
- 7 participants
- 1:06 hours
26 Aug 2020
This video explains the background and goals of adding a CVE ID Request button to the issue sidebar in GitLab.
- 1 participant
- 10 minutes
25 Aug 2020
Cindy Blake gives pointers for how to have a successful GitLab Ultimate security capability discussion with customers and prospects.
Find the deck at https://docs.google.com/presentation/d/1bA8rgcHjzXCqyO14blOI877qBOilWbvbqcwMmJFN0sM/edit#slide=id.g2823c3f9ca_0_9
- 1 participant
- 24 minutes
17 Aug 2020
In this video Mo Khan describes how to integrate the ORT into the GitLab pipeline to produce a license scanning report.
* https://github.com/oss-review-toolkit/ort
* https://gitlab.com/gitlab-org/security-products/tests/java-maven/-/merge_requests/97
- 1 participant
- 5 minutes
6 Aug 2020
Preview session for the upcoming Secure & Defend Section Group Conversation livestream scheduled for 2020-08-06. Hear updates related to the Secure & Defend stages from David DeSanto, Todd Stadelhofer, and Wayne Haber.
- 3 participants
- 11 minutes
27 Jul 2020
In this video Mo Khan, a Senior Backend Engineer, demos GitLab Security features in a Limited Connectivity Environment. The walkthrough also provides information on how to configure Secure tools in Offline/Limited Connectivity environments.
- 2 participants
- 59 minutes
6 Jul 2020
The DAST team walks through the issues/epics needed to bring DAST On-demand scans to life.
- 4 participants
- 1:04 hours
23 Jun 2020
Philippe Lafoucrière, Distinguished Engineer in Secure & Defend, demonstrates how to load Docker images onto an offline GitLab instance.
- 1 participant
- 5 minutes
23 Jun 2020
Secure stage brainstorming session on handling SchemaVer changes made to our Security Report Schemas
Agenda doc: https://docs.google.com/document/d/179JL5RzbgSIz2XZewbYn79cuX7_vUtte_TcoLwUUC5o/edit#
Security Report Schemas: https://gitlab.com/gitlab-org/security-products/security-report-schemas
- 5 participants
- 52 minutes
17 Jun 2020
13.2 Release kickoff for Threat Insights group discusses what's in store for Vulnerability Management.
- 1 participant
- 10 minutes
17 Jun 2020
00:18 AST market
02:50 SAST, spell checker, identify by patterns
04:13 secret detection, API keys
04:46 DAST, deployed code
06:37 dependency scanning
08:04 container scanning
09:15 licence compliance
09:47 Fuzzing, business logic flaws
18:00 SAST, false positive, pattern matcher, spell checker
22:52 IAST
25:16 it sucks to set up fuzzing currently in most cases
33:10 fuzzers, logical flows, APIs [...], SAST, DAST, Heartbleed
- 6 participants
- 51 minutes
11 Jun 2020
Preview session for the upcoming Secure & Defend Section Group Conversation livestream scheduled for 2020-06-15. Hear updates related to the Secure & Defend stages from David DeSanto, Todd Stadelhofer, and Wayne Haber.
- 3 participants
- 9 minutes
11 Jun 2020
Covers the dast-benchmark tool and workflow for creating baseline applications for benchmarking.
- 2 participants
- 28 minutes
20 May 2020
Reviewing a low-cost experiment aiming to drive direct feedback from users, reinforcing contribution guidelines, and possible user research recruiting
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/218369
- 1 participant
- 5 minutes
20 May 2020
Reviewing epics with ux/usability improvement recommendations at the project and group level
0:00 - 2:57 context and current ux demo
2:57 - 20:18 epic issues overview (project level)
20:18 - 22:08 epic issues overview (group level)
epics:
https://gitlab.com/groups/gitlab-org/-/epics/2319
https://gitlab.com/groups/gitlab-org/-/epics/3202
- 3 participants
- 22 minutes
15 May 2020
reviewing issue: https://gitlab.com/gitlab-org/gitlab/-/issues/13298
0:00 - 2:15 context and problem overview
2:15 - 3:45 proposal review
3:45 next questions/considerations
- 1 participant
- 5 minutes
15 May 2020
a quick walkthrough of an early UI improvement ideation for the issue: https://gitlab.com/gitlab-org/gitlab/-/issues/198034
- 1 participant
- 3 minutes
8 May 2020
A video where we discuss the differences between:
Passive scans
Active scans
Full scans
API scans
Authenticated scans
- 2 participants
- 14 minutes
6 May 2020
DEC scoring session of candidate scope for SAST to be declared Complete.
- 12 participants
- 1:42 hours
5 May 2020
This is the second half of the first working session we had to define what it means for SAST to be declared complete.
- 6 participants
- 51 minutes
24 Apr 2020
This video demos how GitLab pipelines can integrate with Jenkins and poll the status of a Jenkins job in order to trigger further stages in the pipeline.
- 4 participants
- 21 minutes
16 Apr 2020
Session on backlog refinement for weekly secure planning office hours
- 5 participants
- 23 minutes
13 Apr 2020
Discussion on secure analyzer and orchestrator versioning strategies and upcoming deprecations
Relevant issues:
- Replace x-y-stable docker images with major tag for Security Products https://gitlab.com/gitlab-org/gitlab/-/issues/207128
- Pin minor version of SAST, DS analyzers https://gitlab.com/gitlab-org/gitlab/issues/10290
- Pin the minor version of Security Products (tools and analyzers) in the vendored templates https://gitlab.com/gitlab-org/gitlab/-/issues/9725
- 7 participants
- 58 minutes
3 Apr 2020
Prep walkthrough ahead of the upcoming Think-BIG session with Secure & Package team, the review includes:
• Container scanning configuration required at the project level https://docs.gitlab.com/ee/user/application_security/container_scanning/
• Displaying container vulnerabilities detected
• Filtering vulnerabilities from multiple images
• Suggested solution, current UX: create merge request with updates
• Suggested solution, future UX: auto-created merge request
• Suggested solution, future UX: show in merge request findings and solutions
• Secure/Package improvement issues for consideration
- 1 participant
- 8 minutes
2 Apr 2020
Related project https://gitlab-airgap-test.us-west1-b.c.group-secure-a89fe7.internal/2020-04-02-ds-demo/js-npm
- 1 participant
- 5 minutes
30 Mar 2020
0:00 - 06:29 A brief history: proprietary software, free software movement, and open source
06:29 - 9:57 What are software licenses and what makes code open source?
9:57 - 15:25 Current UX review and next steps
- 1 participant
- 15 minutes
25 Mar 2020
In this video we will try to explain the relationship between the vulnerability_feedback and vulnerability_occurrence data models. This will change in the near future. https://gitlab.com/gitlab-org/gitlab/-/issues/205489
- 1 participant
- 5 minutes
20 Mar 2020
Related issues:
Add a new `id` property to replace the legacy `cve` in JSON common security report format: https://gitlab.com/gitlab-org/gitlab/issues/36777
Change vulnerability feedback identification: https://gitlab.com/gitlab-org/gitlab/-/issues/205489
- 6 participants
- 34 minutes
19 Mar 2020
00:00 - 00:30 Introduction
00:30 - 02:50 Classification review
02:50 - 05:11 Current UX in Projects license compliance section
05:11 - 07:50 Current UX in merge request (newly detected licenses)
07:50 - 10:18 Latest proposal iteration review
10:18 - 11:07 Wrap up and next steps
Issue seen in video: https://gitlab.com/gitlab-org/gitlab/-/issues/196845
A related issue, displaying out-of-compliance: https://gitlab.com/gitlab-org/gitlab/-/issues/33870
- 1 participant
- 11 minutes
17 Mar 2020
UX iteration review on dependency list UI to improve displaying vulnerabilities, usability, readability
00:00 - 02:25 context and problem overview
02:25 - 08:02 iteration proposal review
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/195928
- 1 participant
- 8 minutes
15 Mar 2020
- 1 participant
- 8 minutes
12 Mar 2020
00:00 - 03:20 context, current UX, and problem to solve
03:20 - 04:42 latest iteration solution overview
04:42 - 06:08 issue feedback, next steps, and conclusion
Issue (license compliance): https://gitlab.com/gitlab-org/gitlab/-/issues/33870
Related issue (dependency list UI polish): https://gitlab.com/gitlab-org/gitlab/-/issues/195928
- 1 participant
- 6 minutes
11 Mar 2020
This demo walks through how to configure DAST to run in an airgapped, or offline networked environment. For more information read
https://docs.gitlab.com/ee/user/application_security/dast/#running-dast-in-an-offline-air-gapped-installation
- 1 participant
- 6 minutes
11 Mar 2020
- 5 participants
- 56 minutes
27 Feb 2020
Brown Bag about Constraint Solving and practical applications. Edit: During the presentation, I wrongly used the term “assigning value”. Instead, I should have said “Impose an equality constraint”; On slide 27: The v_000 is redundant. We can remove it and start from v_001 instead.
- 8 participants
- 1:12 hours
26 Feb 2020
Demonstrates the autoremediation feature added to Container Scanning in release 12.8
- 1 participant
- 5 minutes
25 Feb 2020
This video goes over the Secure Data Model objects as they appear in the database.
This was recorded Feb 25, 2020.
More information on the Secure Data Model can be found on the issue below, including links to supporting documents.
https://gitlab.com/gitlab-org/secure/brown-bag-sessions/issues/5
- 7 participants
- 1:00 hours
21 Feb 2020
GitLab provides Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Container Scanning, and Dependency Scanning to help you deliver secure applications along with License Compliance.
The security scans display vulnerabilities in a uniform UI where a developer can resolve them before merging to master. The Security posture of a project or group of projects can be further assessed via the Security Dashboard.
- 1 participant
- 5 minutes
21 Feb 2020
00:00-01:56 background context
01:56-03:07 problem and ideation
03:07-08:06 design review
Related issue: https://gitlab.com/gitlab-org/gitlab/issues/202224
Problem validation issue: https://gitlab.com/gitlab-org/gitlab/issues/7149
- 1 participant
- 8 minutes
20 Feb 2020
00:00-03:15 problem context
03:15-06:47 proposal ideation
06:47-10:30 discovery questions
%12.9 discovery overview looking into creating a security member for our upcoming auto-remediation feature, which auto-creates merge requests with fixes to vulnerabilities.
Discovery issue: https://gitlab.com/gitlab-org/gitlab/issues/197349
Related previous discovery, MVC (auto-creation of merge requests): https://www.youtube.com/watch?v=pbRhf0LHgq8&list=PL05JrBw4t0KrFCe5BgUkzFrZifjforQOz&index=13
- 1 participant
- 11 minutes
17 Feb 2020
0:00-4:23 Context and flow configuring SAST, License Compliance, Dependency Scanning
4:23-9:47 Proposal when the user selects to configure DAST and/or Container Scanning UX
9:47-12:27 Related flow: untested projects on group dashboard anchors to the project configuration screen
Related issue: https://gitlab.com/gitlab-org/gitlab/issues/34771
Related video: https://www.youtube.com/watch?v=gKtVOMt5WO0
- 1 participant
- 12 minutes
4 Feb 2020
Reviewing the latest UX iteration for this issue: https://gitlab.com/gitlab-org/gitlab/issues/196533
Related: recent auto-remediation MVC walkthrough https://www.youtube.com/watch?v=pbRhf0LHgq8&list=PL05JrBw4t0KrFCe5BgUkzFrZifjforQOz&index=13
- 1 participant
- 12 minutes
21 Jan 2020
This is an updated workflow of adbcurate, i.e., our tool for semi-automated advisory generation from NVD.
- 3 participants
- 55 minutes
13 Jan 2020
GitLab 12.8 Kickoff - Secure:Static Analysis
- 12.8 Kickoff Playlist https://www.youtube.com/playlist?list=PL05JrBw4t0Kr4XRYBsCFiItndf76Y4izT
- Kickoff Survey https://docs.google.com/forms/d/e/1FAIpQLSdNyIB_Rk3rn2-PI-5dWhb7rUfBLmGziTlbmeKYP-mFQEESQQ/viewform
- 1 participant
- 1 minute
7 Dec 2019
A demonstration of how the AJAX spidering feature of DAST works, and the kind of problem it solves.
- 1 participant
- 3 minutes
15 Nov 2019
0:00 - 1:26 • context and current UX
1:26 - 12:12 • MVC review
12:12 - end • resulting issues and next steps
Issue update: https://gitlab.com/gitlab-org/gitlab/issues/14059#note_245374632
Walking through a design iteration of auto-remediation MVC. This focuses on step 1, which is to auto-create merge requests that include fixes to vulnerabilities. Our next step, step 2, will focus on auto-merging MRs with fixes to further automate the workflow.
- 1 participant
- 16 minutes
6 Nov 2019
Walking through a design iteration of auto-remediation MVC. This focuses on step 1, which is to auto-create merge requests that include fixes to vulnerabilities. Our next step, step 2, will focus on auto-merging MRs with fixes to further automate the workflow.
Issues update: https://gitlab.com/gitlab-org/gitlab/issues/14059#note_240956001
- 1 participant
- 16 minutes
24 Oct 2019
This video is one of the UX scorecard studies at GitLab. The purpose of a UX scorecard study is to identify, scope, and track the effort of addressing usability concerns within a specific workflow. Today we are focusing on the Secure area of GitLab; this is a feature for our Ultimate users.
The persona for this UX scorecard study could be security specialists, developers, or DevOps who take care of the security of their product.
The scenario for this UX scorecard study is: as a security specialist, my main task is monitoring and flagging events and running down high-priority tasks. I just upgraded my GitLab account, so I want to try out the security feature.
- 1 participant
- 14 minutes
16 Oct 2019
Here are the details of why we need row-level locking for a Vulnerability Occurrence (to be renamed to Finding) when we decide to create a new Vulnerability from it and attach this Finding to it.
- 1 participant
- 7 minutes
16 Oct 2019
These are the details on why we need row-level locking for a Vulnerability Occurrence (to be renamed to Finding) when we decide to create a new Vulnerability from it and attach this Finding to it.
- 1 participant
- 7 minutes
9 Oct 2019
This video demonstrates how the Secure group leverages the multi-project pipeline feature of GitLab to test analyzers end to end.
- 1 participant
- 4 minutes
26 Sep 2019
The Secure team reviewing the current state of the license compliance feature, discussing priorities, and outlining next steps.
License compliance list issue: https://gitlab.com/gitlab-org/gitlab/issues/13582
Discovery, license policy MVC: https://gitlab.com/gitlab-org/gitlab/issues/12941
- 4 participants
- 17 minutes
23 Sep 2019
This is a walkthrough of how the DAST repository and project are put together.
- 11 participants
- 58 minutes
19 Sep 2019
This is a short demo about adbcurate, a tool for automated advisory generation.
- 5 participants
- 52 minutes
9 Sep 2019
Quick demo on progress for enabling Web Application Firewall for Kubernetes
Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/65192
- 5 participants
- 29 minutes
4 Sep 2019
This is a casual Q/A discussion with Lucas C, GitLab's Sr. engineer who helped build our SAST functionality for APEX code in GitLab. In this video you'll see us discuss:
1. Overview of SAST in GitLab. Brief review of visual diagrams.
2. Details around how we leverage PMD under the hood and what all is currently supported for scanning.
3. Demo of how to set up SAST on a new project that has APEX code starting from a blank .gitlab-ci.yml template. Also we touch on setting up optional approval groups from Security teams.
4. How to leverage SAST in our existing Salesforce Project Template's .gitlab-ci.yml. In the video we create this MR: https://gitlab.com/sfdx/sfdx-project-template/merge_requests/2
Also check out resources at:
1. https://gitlab.com/sfdx
2. https://docs.gitlab.com/ee/user/application_security/sast/
3. https://pmd.github.io/pmd/
- 2 participants
- 32 minutes
19 Aug 2019
UX team reviews and ideates on low-fidelity designs for day I and setup UX for Secure features
- 4 participants
- 21 minutes
13 Aug 2019
We are talking about the right approach to moving Security scanning reports from the Frontend to the Backend. This is related to an epic [0] in order to resolve technical debt. Furthermore, this enables us to work on removing a docker-in-docker requirement for certain scanning types ([1]) and clears the path to deliver better UX for our features [2].
[0]: https://gitlab.com/groups/gitlab-org/-/epics/1425
[1]: https://gitlab.com/groups/gitlab-org/-/epics/971
[2]: https://gitlab.com/gitlab-org/gitlab-ee/issues/12896
- 8 participants
- 35 minutes
12 Aug 2019
Weekly meeting of those in GitLab's combined Static and Dynamic Analysis groups.
- 3 participants
- 13 minutes
1 Aug 2019
In this video, we discuss how permissions are implemented in the GitLab codebase and what policies we use for Secure features.
https://gitlab.com/gitlab-org/security-products/brown-bag-sessions/issues/1
- 4 participants
- 24 minutes
26 Jul 2019
In this video we discuss the backend implementation around the Security Approvals in Merge Requests MVC.
https://gitlab.com/gitlab-org/gitlab-ee/issues/9928
- 5 participants
- 29 minutes
15 Jul 2019
Secure Group discussing this issue: https://gitlab.com/gitlab-org/gitlab-ee/issues/10479
- 3 participants
- 16 minutes
8 Jul 2019
Secure Group discussing this issue: https://gitlab.com/gitlab-org/gitlab-ee/issues/10479
- 4 participants
- 32 minutes
6 Jul 2019
Walkthrough of a Secure feature: license management, which is included in our Ultimate tier. It’s important to note that this feature is at a very early stage and is currently considered as an MVP. There are a lot of upcoming improvements so this video will quickly get outdated.
This is part of the GitLab Design team’s Baseline-Experience initiative, where we audit our existing core features quarterly and propose improvement recommendations.
Experience Baseline Documentation: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/
Related issues:
https://gitlab.com/gitlab-org/gitlab-design/issues/402
https://gitlab.com/gitlab-org/gitlab-design/issues/478
Secure UX: https://about.gitlab.com/handbook/engineering/ux/stage-group-ux-strategy/secure/
- 1 participant
- 13 minutes
1 Jul 2019
Kyle walking through a design recommendation for the layout on our Security Dashboard feature.
Secure UX team: https://about.gitlab.com/handbook/engineering/ux/stage-group-ux-strategy/secure/index.html
Baseline Experience: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/
- 7 participants
- 29 minutes
27 Jun 2019
Philippe Lafoucrière, Distinguished Engineer, explains why and how Docker-in-Docker (DinD) is used for our Security Products, and the common pitfalls when configuring privileged GitLab Runners.
- 4 participants
- 26 minutes
18 Jun 2019
Walking through design recommendation for the layout on our Security Dashboard feature. This is part 2 of our Baseline Experience initiative.
Links:
Security Dashboard Documentation: https://docs.gitlab.com/ee/user/application_security/security_dashboard/
Baseline Initiative: https://about.gitlab.com/handbook/eng...
Part 1 issue, audit: https://gitlab.com/gitlab-org/gitlab-design/issues/401
Part 1 experience walkthrough: https://www.youtube.com/watch?v=_JtUdaTyAbk&list=PL05JrBw4t0KqkW0oPW3n0HqVgKcONVnO5&index=3
Part 2 issue, recommendation: https://gitlab.com/gitlab-org/gitlab-design/issues/460
- 1 participant
- 8 minutes
15 Jun 2019
Quick overview of the features under the Secure SCA group:
- Intro 0:08
- Dependency Scanning: 0:49
- Container Scanning: 6:36
- License Management (being renamed License Compliance): 13:06
- Vulnerability database: 20:39
- Misc: 25:37
- 5 participants
- 32 minutes
4 Jun 2019
Walking through "job to be done" baseline experience: When reviewing vulnerabilities for multiple projects, I want to see them all in one location, so that I can prioritize my efforts to resolve or triage them while seeing the larger picture.
Overview: the dashboard feature is at an early product stage and considered an MVP. The user we are designing for works in an organization's web security department, in roles such as security analyst, security engineer, or head of security. However, some mid-to-smaller organizations may not have a dedicated security department; in this case the users would likely be developers, tech leads, and DevOps engineers.
Links:
Security Dashboard Documentation: https://docs.gitlab.com/ee/user/application_security/security_dashboard/
Baseline Initiative: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/#grading-rubric
Issue: https://gitlab.com/gitlab-org/gitlab-design/issues/401
- 1 participant
- 6 minutes
5 Apr 2019
Secure group brainstorming about the Bill of Materials upcoming feature.
https://gitlab.com/groups/gitlab-org/-/epics/858
- 4 participants
- 28 minutes
11 Mar 2019
One of the challenges the Secure team is facing is being able to reliably track vulnerabilities between commits, when their location has changed. This is a short video showing why and how to address this issue.
https://gitlab.com/gitlab-org/gitlab-ee/issues/7586
- 1 participant
- 7 minutes
5 Feb 2019
In this video we present our vision for the Secure stage and the roadmap for the next months.
You can read more on https://about.gitlab.com/direction/secure/
- 1 participant
- 12 minutes
17 Jan 2019
Retrospective of the 11.7 iteration in the Secure Team. As usual, we cover what went well, what went wrong, and what can be improved.
- 7 participants
- 27 minutes
2 Nov 2018
Preview of the upcoming Security Dashboard at the Group level by Sam Beckham (Secure Team).
- 1 participant
- 8 minutes
19 Sep 2018
Discuss the API for the Security Dashboard at the group level.
This meeting was to discuss and validate the final contract between backend and frontend. More info: https://gitlab.com/gitlab-org/gitlab-ee/issues/6709
- 5 participants
- 49 minutes
18 Sep 2018
Kickoff of the Security Dashboard at the group level with the Secure Team (including backend, frontend, and UX members).
This meeting was to discuss and validate the Final “incremental” design. More info: https://gitlab.com/gitlab-org/gitlab-ee/issues/6709
- 7 participants
- 59 minutes
8 Jan 2018
In this session, we are scheduling the tasks for the next iteration (GitLab 11.8, starting January 8th, 2018).
After the planning meeting with the Product Manager, we need to evaluate what the team can commit to, depending on each task's complexity and also on the team's availability.
- 8 participants
- 1:08 hours