GitLab / Secure Stage


These are all the meetings we have in "Secure Stage" (part of the organization "GitLab"). Click into individual meeting pages to watch the recording and search or read the transcript.

24 Jul 2023

Description of the left nav for security findings using a test project against a production instance of GitLab
  • 4 participants
  • 23 minutes
git
demo
gitlab
remote
debug
version
showing
project
screenshots
threat

1 Jun 2023

Staff Engineer Lucas Charles does a quick demo of the new GitLab 16.1 feature to specify a shared SAST custom ruleset configuration

- Documentation https://docs.gitlab.com/ee/user/application_security/sast/customize_rulesets.html#specify-a-remote-configuration-file
- Feature Issue https://gitlab.com/gitlab-org/gitlab/-/issues/393452/
  • 1 participant
  • 8 minutes
gitlab
remote
remotely
configuration
custom
specifying
predefined
repository
security
demoing

31 May 2023

No description provided.
  • 6 participants
  • 37 minutes
components
templates
preparation
concern
discussed
blueprints
provider
manage
versioning
design

26 Apr 2023

No description provided.
  • 8 participants
  • 26 minutes
vulnerability
vulnerabilities
secure
security
capability
validated
dependencies
considerations
manages
operationalize

21 Apr 2023

No description provided.
  • 3 participants
  • 22 minutes
security
safeguards
secure
strategic
vulnerability
advanced
capabilities
proprietary
important
software

19 Apr 2023

This demo covers the changes that the Secure::Composition Analysis team is conducting as part of the continuous vulnerability scanning feature. If you'd like to learn more or track the progress of the work on Continuous Vulnerability Scanning for Dependency Scanning, see the epic below.

- Epic: https://gitlab.com/groups/gitlab-org/-/epics/9534
  • 1 participant
  • 4 minutes
scanned
detected
enhancements
advisories
repository
vulnerability
project
cyclone
continuous
analysis

6 Apr 2023

This demonstrates a possible workaround to configure Dependency Scanning for a Java monorepository. This approach can be replicated for Scala and Python projects, for which Dependency Scanning has a similar behavior.

Related issue for feature improvement: https://gitlab.com/gitlab-org/gitlab/-/issues/393078
  • 1 participant
  • 6 minutes
scanning
scan
project
repository
pencil
tedious
execute
generating
vulnerabilities
subfolders

5 Apr 2023

This video is trimmed from a demo I gave during the weekly Composition Analysis meeting. More context on the change can be found in this MR: gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/merge_requests/909
  • 1 participant
  • 3 minutes
scan
gitlab
configured
vulnerabilities
ports
security
debug
dashboard
kubernetes
watcher

4 Apr 2023

Demo of SBOM report generation in Container Scanning for Trivy-based analyzers.

This contributes to the Continuous Vulnerability Scans feature by allowing components detected in container images to be ingested.
  • 1 participant
  • <1 minute
asbomb
gitlab
bomb
scanning
docker
container
project
glscom
backend
tiwari

30 Mar 2023

  • 1 participant
  • 4 minutes
write_repository
gitlab
leaked
repository
secret
tokens
gitleaks
revoked
credentials
backend

22 Mar 2023

Staff Backend Engineer Lucas Charles does a quick demo of the new GitLab 15.10 feature to auto-resolve Static Analysis vulnerabilities when rules are disabled

- Release post: https://about.gitlab.com/releases/2023/03/22/gitlab-15-10-released/#automatically-resolve-sast-findings-when-rules-are-disabled
- Documentation https://docs.gitlab.com/ee/user/application_security/sast/#automatic-vulnerability-resolution
- Feature Issue https://gitlab.com/gitlab-org/gitlab/-/issues/368284
  • 1 participant
  • 8 minutes
auto
analysis
injection
bot
gitlive
behavior
demo
feature
vulnerabilities
detected

8 Feb 2023

No description provided.
  • 3 participants
  • 27 minutes
approvals
approvers
approval
approved
approving
certifying
license
allowing
considerations
somewhat

13 Dec 2022

Quick demo of https://about.gitlab.com/releases/2022/11/22/gitlab-15-6-released/#beta-automatic-revocation-of-leaked-personal-access-tokens

GitLab Secret Detection finds leaked credentials in your codebase so you can revoke them and protect your organization. It detects many kinds of sensitive values, including GitLab Personal Access Tokens.

GitLab is dogfooding a new feature where Personal Access Tokens on GitLab.com are automatically revoked if Secret Detection finds them leaked on the default branch of a public repository.

If your organization is interested in participating in this open beta, please let us know using the form linked in the above release post.
  • 1 participant
  • 6 minutes
gitlab
access
revoked
tokens
user
security
leaked
secret
demoing
gilab

12 Dec 2022

No description provided.
  • 3 participants
  • 16 minutes
security
vulnerability
gitlab
maintenance
managed
software
validated
kubernetes
process
roadmap

30 Nov 2022

No description provided.
  • 5 participants
  • 24 minutes
maintainer
developers
workflow
execute
secure
commit
intend
extensions
roadmap
ide

21 Sep 2022

This is a recording from the Container Scanning Transition Sync Session meeting, where we discussed the transition of the Container Scanning feature from Govern:Security Policies to Secure:Composition Analysis.
  • 3 participants
  • 6 minutes
trivi
vulnerabilities
licensing
vulnerability
repository
concerns
alpine
updated
oracle
scanning

12 Sep 2022

No description provided.
  • 5 participants
  • 28 minutes
security
protect
manage
governed
redesigning
policies
maintainers
consolidation
section
proactive

4 Jul 2022

  • 1 participant
  • 2 minutes
ssh
permissions
ip
vip
access
git
restrict
enabling
protocols
https

10 Jun 2022

No description provided.
  • 1 participant
  • 9 minutes
milestones
scheduling
pto
prioritization
updates
concerns
priority
planning
process
feature

14 Apr 2022

No description provided.
  • 7 participants
  • 17 minutes
approvals
security
updates
policies
lab
provides
manage
scanners
advanced
fyi

19 Jan 2022

In this video the presenter will demo the why and how to use GitLab Source Code Management and Security Scanning capabilities with Terraform Cloud.
  • 1 participant
  • 22 minutes
git
terraform
managed
lab
cloud
repository
gitlab
discussed
integration
scripting

18 Jan 2022

No description provided.
  • 5 participants
  • 24 minutes
discussion
workflow
customer
initiative
expecting
concern
currently
manage
support
offer

15 Dec 2021

This video and linked pages contain information related to upcoming products, features, and functionality.
It is important to note that the information presented is for informational purposes only. Please do not rely on this information for purchasing or planning purposes.
As with all projects, the items mentioned in this video and linked pages are subject to change or delay. The development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Chapters:
0:00 Disclaimer
0:28 Overview
1:50 Dependency Paths
3:05 SBOM MVC
4:37 Replace Licence Finder
6:14 Automatic Remediation Bot
7:03 Unordered List 1-5
11:28 Unordered List 6-10
15:50 Unordered List 11-15
23:57 Unordered List 16-22
31:09 Disclaimer again
  • 1 participant
  • 32 minutes
mvc
comprehensive
dependencies
roadmap
bot
enhancements
software
maintainers
patch
cvss

13 Dec 2021

No description provided.
  • 6 participants
  • 22 minutes
issue
security
tweaks
opting
reviews
manage
warn
allowing
discussion
log4j

1 Dec 2021

  • 4 participants
  • 23 minutes
retrospective
refinements
analyzer
retargets
considered
features
version
testing
issue
milestone

23 Nov 2021

No description provided.
  • 3 participants
  • 7 minutes
planning
discussion
proposal
issue
secure
refinement
approved
uncertainty
breakdown
shouldn

13 Oct 2021

  • 4 participants
  • 12 minutes
vulnerabilities
security
dashboard
vulnerability
insights
gitlab
threat
issue
worry
deprecating

8 Oct 2021

This video is to learn about Dynamic Application Security Testing (DAST) and the application security training app called WebGoat. What DAST is, what WebGoat looks like and how GitLab's DAST security scanner reveals vulnerabilities are demonstrated in less than 15 mins.
  • 1 participant
  • 14 minutes
dast
webcode
vulnerable
applications
testing
dev
web
security
git
backend

7 Oct 2021

No description provided.
  • 2 participants
  • 23 minutes
priorities
workflow
manage
kit
responsibilities
protect
overview
processes
priority
planning

28 Sep 2021

Weekly meeting for the Secure:Threat Insights group
  • 8 participants
  • 23 minutes
triage
status
detected
threat
consideration
ensuring
backend
notice
caveat
deprecation

21 Sep 2021

Weekly meeting for the Secure:Threat Insights group
  • 4 participants
  • 33 minutes
vulnerabilities
apis
concern
insights
vulnerability
generic
gitlab
validate
threat
interface

7 Sep 2021

Weekly meeting for the Secure:Threat Insights group
  • 5 participants
  • 7 minutes
support
security
gerardo
worry
important
threat
gitlab
greeted
maintainer
curiosity

24 Aug 2021

Weekly meeting for the Secure:Threat Insights group
  • 7 participants
  • 25 minutes
threat
insights
vulnerabilities
managed
issue
similar
security
vulnerability
concerned
reports

12 Aug 2021

Webinar for Commercial customers interested in using more of GitLab Secure stage, focused on implementing the various scans and managing vulnerabilities in the dashboards and MRs. Hosted by Maxwell Power and the Commercial TAM group, this webinar covers what customers need to know to implement secure testing quickly.
  • 1 participant
  • 15 minutes
gitlab
security
git
debug
scanning
vulnerabilities
packagelock
repository
technical
secure

20 Jul 2021

  • 7 participants
  • 22 minutes
cwe
suggestion
implementing
threat
webinar
planning
users
insights
deterministic
cv

5 Jul 2021

No description provided.
  • 3 participants
  • 20 minutes
packages
dependencies
compile
analyzers
package
versions
compatible
processing
proxy
modules

23 Jun 2021

No description provided.
  • 4 participants
  • 11 minutes
rails
discussed
performance
feature
lab
demos
engineering
week
regulation
recommendations

22 Jun 2021

Weekly meeting for the Secure:Threat Insights group.
  • 7 participants
  • 29 minutes
concerns
vulnerability
auto
insights
issuer
threat
security
issue
vulnerabilities
discussion

16 Jun 2021

No description provided.
  • 5 participants
  • 13 minutes
schedule
soon
updated
guidelines
announcement
attend
expect
wednesday
takes
signups

15 Jun 2021

Weekly meeting for the Secure:Threat Insights group.
  • 4 participants
  • 22 minutes
audit
concerns
planning
security
insights
advance
resolutions
workflow
3b
threat

10 Jun 2021

No description provided.
  • 7 participants
  • 34 minutes
scanners
das
analyzers
security
problematic
dashboard
delete
updated
triage
process

9 Jun 2021

No description provided.
  • 4 participants
  • 8 minutes
important
platform
weekly
reports
advisory
ahead
priority
delivery
review
stuff

2 Jun 2021

No description provided.
  • 5 participants
  • 11 minutes
improvements
gitlab
stuff
schedule
ahead
attention
having
good
hillary
features

26 May 2021

No description provided.
  • 7 participants
  • 21 minutes
important
review
maintaining
updates
security
concern
provides
features
critical
ahead

25 May 2021

Weekly meeting for the Secure:Threat Insights group.
  • 6 participants
  • 22 minutes
statuses
concern
backend
insights
jira
discussed
message
prioritizing
threat
hover

21 May 2021

This walkthrough will show off some of GitLab's Vulnerability Management features. You will see how both a developer and security team member can use them in their workflows while collaborating entirely inside GitLab.

0:00 Vulnerability management intro
1:09 Merge request security approvals setup
5:26 Security Dashboards
6:24 Vulnerability Report
9:02 Merge request security results
11:28 Security Center
14:37 Vulnerability details
15:30 Fixing vulnerabilities, no security approvals needed
16:53 Collaboration by creating issues from vulnerabilities
19:53 Using issue boards for vulnerability tracking
  • 1 participant
  • 21 minutes
security
git
vulnerability
developer
vulnerabilities
repository
approvals
manage
verify
process

18 May 2021

Weekly meeting for the Secure:Threat Insights group.
  • 4 participants
  • 21 minutes
pipeline
concerns
planning
git
breakdown
reporting
process
ahead
webhook
jira

14 May 2021

A discussion mostly centred around https://gitlab.com/gitlab-org/gitlab/-/issues/327141


Chat notes:
00:05:51 Lindsay Kerr - FE EM, Secure & Protect: Apologies for being late, long running 1:1. Thanks for scheduling this Olivier.
00:10:09 Thomas Woodham - Engineering Manager, Secure: https://gitlab.com/gitlab-org/gitlab/-/issues/327141#note_572714485
00:15:44 Thiago Figueiro - BE Mgr., Threat Management: https://gitlab.com/groups/gitlab-org/-/epics/5709#scope
00:28:01 Lindsay Kerr - FE EM, Secure & Protect: https://gitlab.com/gitlab-org/gitlab/-/issues/10272
00:33:43 Thiago Figueiro - BE Mgr., Threat Management: Time check
00:33:47 Thiago Figueiro - BE Mgr., Threat Management: 7 minutes
  • 5 participants
  • 42 minutes
analyzers
docker
discussion
managed
versioning
concern
clarifying
backend
venerab
git

8 May 2021

No description provided.
  • 1 participant
  • 2 minutes
relic
download
service
video
content
pipeline
china
demo
allows
request

29 Apr 2021

This is a video of a presentation done for the Composition Analysis group's show and tell on Criticality and Risk scores of open source dependencies.
  • 3 participants
  • 27 minutes
critical
security
ossf
collaboration
maintainers
disclosing
vulnerability
relies
project
foundation

20 Apr 2021

Weekly meeting for the Secure:Threat Insights group.


Includes milestone kick-off for 13.12.
  • 7 participants
  • 29 minutes
milestones
insights
threat
backend
discussion
updates
ready
blocking
issuing
prioritize

13 Apr 2021

No description provided.
  • 6 participants
  • 29 minutes
concerns
dash
insights
milestones
triage
vulnerability
threat
blocking
updates
slack

13 Apr 2021

A run-through of what the user experience might look like for a user when aggregated vulnerabilities is the default on DAST.
  • 1 participant
  • 7 minutes
vulnerabilities
aggregated
scanning
widget
security
vulnerability
issue
site
loading
detected

6 Apr 2021

No description provided.
  • 7 participants
  • 28 minutes
security
discussions
feedbacks
planning
version
message
taking
issue
follow
whatnot

31 Mar 2021

As of GitLab 13.9, you can now create Jira issues directly from vulnerability records in GitLab. See how to enable this new feature and see a quick demo of the integration.
  • 1 participant
  • 6 minutes
vulnerabilities
gitlab
jira
integrations
enabling
vulnerability
issue
security
detection
button

31 Mar 2021

Consistency in default behaviour of AST scanners and jobs
https://gitlab.com/groups/gitlab-org/-/epics/5334
  • 5 participants
  • 51 minutes
troubleshooting
dangerbot
testing
warnings
vulnerabilities
executed
fail
severity
report
risk

30 Mar 2021

No description provided.
  • 7 participants
  • 21 minutes
concerns
department
refinement
protect
section
management
deliver
responsibility
threat
discussed

29 Mar 2021

No description provided.
  • 2 participants
  • 15 minutes
http
view
headers
api
ui
request
demo
dashboard
post
message

18 Mar 2021

A discussion of how Browserker Authentication works.
  • 4 participants
  • 32 minutes
authentication
dast
domain
oauth
browser
users
access
das
logout
forum

18 Mar 2021

Demo of interactive Corpus Management page
  • 1 participant
  • 3 minutes
corpus
demoing
fetch
uploads
mocked
data
loading
endpoints
updated
ui

2 Mar 2021

No description provided.
  • 2 participants
  • 2 minutes
updated
secure
merge
backlog
nice
guidelines
shared
appsec
refinement
stuff

2 Mar 2021

  • 12 participants
  • 31 minutes
discussion
haircut
upvoting
posts
commenting
planning
having
questioned
head
debate

1 Mar 2021

PM members from Growth, Secure, and Protect discuss features and upcoming initiatives to identify new opportunities for growth experiments. Keep unlisted as this discusses some forward-looking strategic items that may not be public.
  • 7 participants
  • 58 minutes
security
initiatives
advanced
onboarding
promising
review
approvals
launched
monitoring
upgrades

23 Feb 2021

Weekly meeting for the Secure:Threat Insights group
  • 6 participants
  • 17 minutes
concerns
dashboards
vulnerabilities
planning
security
insights
threat
vulnerability
discussion
ready

16 Feb 2021

Threat Insights group weekly discussion, APAC-friendly time, 2021-02-16
  • 7 participants
  • 27 minutes
chilly
thanks
having
thiago
hey
sebastian
recording
texas
shortly
going

9 Feb 2021

No description provided.
  • 1 participant
  • 9 minutes
graphql
corpus
endpoint
package
data
mock
implementation
proof
ajax
demo

8 Feb 2021

No description provided.
  • 4 participants
  • 10 minutes
recent
analyzers
slos
edited
review
updated
weekend
event
performance
ahead

2 Feb 2021

No description provided.
  • 6 participants
  • 29 minutes
permissions
policies
approver
gitlab
security
maintainers
das
scan
permission
repository

25 Jan 2021

No description provided.
  • 5 participants
  • 25 minutes
planning
weekly
important
geo
months
maintenance
currently
schedule
staging
announcement

14 Jan 2021

Backend Engineer Lucas Charles demonstrates the use of GitLab's Static Application Security Testing support for customizing pre-packaged security rulesets, using javascript and eslint security analyzer.


- GitLab SAST docs on customizing rulesets https://docs.gitlab.com/ee/user/application_security/sast/index.html#customize-rulesets
- Customizing Rulesets epic for upcoming capabilities https://gitlab.com/groups/gitlab-org/-/epics/4179
  • 1 participant
  • 13 minutes
authentication
gitlab
sast
predefined
tomml
devops
security
configuration
validation
password

12 Jan 2021

Weekly meeting for the Secure:Threat Insights group
  • 5 participants
  • 12 minutes
discussion
subashi
concerns
feature
savash
issue
noticed
documentation
asking
felipe

11 Jan 2021

No description provided.
  • 6 participants
  • 33 minutes
discussions
race
currently
quorum
issue
planning
monday
duty
taking
commentary

4 Jan 2021

No description provided.
  • 6 participants
  • 14 minutes
weekly
retrospectives
soon
milestone
holiday
recent
2021
retro
whatnot
turnaround

14 Dec 2020

No description provided.
  • 5 participants
  • 14 minutes
approvals
soon
gitlab
fyi
security
going
alrighty
disruption
commitments
guidelines

9 Dec 2020

Secure Stage Direction - https://bit.ly/2F7WBxd
* SAST Direction - https://bit.ly/31TUyWI
* Secret Detection Direction - https://bit.ly/3lPMRZq
* DAST Direction - https://bit.ly/31UrjTy
* Dependency Scanning Direction - https://bit.ly/2QTc2wc
* Fuzz Testing Direction - https://bit.ly/3lHAazQ
* Vulnerability Database Direction - https://bit.ly/353jrBi
* Vulnerability Management Direction - https://bit.ly/32U9GTk
* Security Orchestration Direction - https://bit.ly/37SaiLx
  • 12 participants
  • 1:05 hours
security
stages
gigaom
secure
important
sam
ready
interim
protect
concerns

7 Dec 2020

No description provided.
  • 6 participants
  • 24 minutes
weekly
github
expecting
tomorrow
having
announcement
tweeting
ongoing
security
office

3 Dec 2020

Brainstorming session on benefits and limitations to splitting the analyzers/common library into separate modules and reducing interdependencies between GL groups


- Agenda https://docs.google.com/document/d/179JL5RzbgSIz2XZewbYn79cuX7_vUtte_TcoLwUUC5o/edit#
- Issue https://gitlab.com/gitlab-org/gitlab/-/issues/211819
  • 6 participants
  • 59 minutes
repository
discussion
versioning
dependencies
shared
consensus
repositories
analyzers
consolidating
issue

30 Nov 2020

No description provided.
  • 9 participants
  • 29 minutes
pto
currently
scheduled
thanks
weekly
updated
vacation
going
readiness
taking

19 Nov 2020

Synchronous discussion to break down the work required to implement Generic Security Report Schemas per design issue https://gitlab.com/gitlab-org/gitlab/-/issues/267193
  • 5 participants
  • 49 minutes
discussion
plan
report
refinements
summarize
initiatives
taking
structure
reviewing
frontend

17 Nov 2020

Weekly meeting for the Secure:Threat Insights group
  • 4 participants
  • 20 minutes
discussion
concerns
dismissal
expecting
threat
mike
consideration
discussions
approaches
report

16 Nov 2020

No description provided.
  • 8 participants
  • 31 minutes
discussion
weekly
plan
pto
retrospectives
having
approval
monday
concerns
finally

12 Nov 2020

No description provided.
  • 5 participants
  • 27 minutes
packages
detection
repos
latest
repository
dependency
secure
dependencies
git
operational

10 Nov 2020

Weekly meeting for the Secure:Threat Insights group
  • 6 participants
  • 26 minutes
initiatives
threat
troubleshooting
insights
updates
concern
vulnerability
edge
advance
manage

9 Nov 2020

No description provided.
  • 7 participants
  • 26 minutes
updated
veterans
schedule
attending
announcements
support
decent
weekly
issue
report

4 Nov 2020

Weekly meeting for the Secure:Threat Insights group
  • 4 participants
  • 26 minutes
security
gitlab
vulnerability
discussion
insights
crowdsource
updates
threat
gotcha
management

2 Nov 2020

No description provided.
  • 7 participants
  • 38 minutes
revamping
backlog
refinement
deprecations
2021
comments
rethink
planning
having
improving

27 Oct 2020

Weekly meeting for the Secure:Threat Insights group
  • 6 participants
  • 29 minutes
security
concerns
threat
managed
mark
come
careful
vulnerabilities
updated
blocking

27 Oct 2020

No description provided.
  • 1 participant
  • 10 minutes
validation
das
gitlab
scans
manage
app
ensure
capabilities
security
site

26 Oct 2020

No description provided.
  • 7 participants
  • 30 minutes
augmenting
issue
expecting
token
announcements
ethan
discussions
endpoint
processing
patch

20 Oct 2020

Weekly meeting for the Secure:Threat Insights group
  • 7 participants
  • 31 minutes
gitlab
issue
monitoring
discussion
threat
thiago
prioritization
pushback
insights
helpers

19 Oct 2020

No description provided.
  • 5 participants
  • 24 minutes
important
pto
announced
secretly
soon
post
pass
coverage
preview
taking

6 Oct 2020

Weekly meeting for the Secure:Threat Insights group
  • 8 participants
  • 17 minutes
concerns
discussion
secure
consider
vulnerability
thoughts
important
speculating
planning
insights

5 Oct 2020

No description provided.
  • 5 participants
  • 37 minutes
reviewer
suggesting
concern
judgment
carefully
gitlab
maintainers
discussion
experts
initiative

5 Oct 2020

No description provided.
  • 9 participants
  • 32 minutes
reviewing
collaboration
prioritize
suggestion
discussions
maintainers
coordinating
reviewer
concern
opinions

29 Sep 2020

Weekly meeting for the Secure:Threat Insights group
  • 10 participants
  • 30 minutes
vulnerability
introduction
staff
concerns
security
contributor
topic
insight
important
report

28 Sep 2020

No description provided.
  • 5 participants
  • 25 minutes
manages
suggested
coach
contribution
centralizing
cognizant
capacity
planning
pause
having

24 Sep 2020

No description provided.
  • 3 participants
  • 47 minutes
workflow
pki
scheduling
gitlab
pipelines
process
monitoring
protocols
project
commit

24 Sep 2020

No description provided.
  • 5 participants
  • 36 minutes
software
packages
capabilities
dependencies
scm
proprietary
analyzed
approved
materials
package

22 Sep 2020

Weekly meeting for the Secure:Threat Insights group
  • 7 participants
  • 30 minutes
epic
concerns
assigned
insights
planning
targeting
approach
security
suggestions
project

17 Sep 2020

No description provided.
  • 7 participants
  • 18 minutes
security
secure
protection
strategic
threat
support
defense
managed
updates
wildfires

15 Sep 2020

Thank you for watching this preview of the upcoming Secure & Defend Section Public Livestream on 2020-09-17!
  • 3 participants
  • 14 minutes
security
fuzzing
alerts
processing
buzzing
vulnerability
updates
happening
safeguards
deployment

9 Sep 2020

  • 5 participants
  • 56 minutes
analyzer
dependencies
finalize
log
backend
framework
updates
merge
debugging
package

9 Sep 2020

UI/FE revisions/updates to upcoming MVC to auto-create merge request w/fixes

https://gitlab.com/gitlab-org/gitlab/-/issues/234082/
and
https://gitlab.com/gitlab-org/gitlab/-/issues/235126
  • 1 participant
  • 5 minutes
alert
fixes
updates
dashboard
threats
gitlab
autofix
scheduled
feature
insights

8 Sep 2020

No description provided.
  • 6 participants
  • 28 minutes
crypto
concerns
vxnet
log
scanning
going
vulnerabilities
message
gitlab
safeguards

3 Sep 2020

This is the recording of a BrownBag presentation on introducing generic security reports in GitLab. https://gitlab.com/gitlab-org/secure/brown-bag-sessions/-/issues/35
  • 7 participants
  • 1:06 hours
security
generic
discussion
analyzers
capabilities
concern
scanners
vulnerability
threat
proposal

2 Sep 2020

Weekly meeting for the Secure:Threat Insights group
  • 7 participants
  • 31 minutes
security
discussion
alert
threat
completed
planning
contributor
takes
approvals
challenges

31 Aug 2020

No description provided.
  • 5 participants
  • 38 minutes
vulnerabilities
project
issue
vulnerability
lanthra
critical
remediated
patches
eslint
dependencies

26 Aug 2020

This video explains the background and goals of adding a CVE ID Request button to the issue sidebar in GitLab.
  • 1 participant
  • 10 minutes
maintainer
cves
validating
merge
vulnerabilities
affects
documentation
helper
maintainers
triages

25 Aug 2020

Cindy Blake gives pointers for how to have a successful GitLab Ultimate security capability discussion with customers and prospects.
Find the deck at https://docs.google.com/presentation/d/1bA8rgcHjzXCqyO14blOI877qBOilWbvbqcwMmJFN0sM/edit#slide=id.g2823c3f9ca_0_9
  • 1 participant
  • 24 minutes
security
git
secures
protection
secure
concern
manage
authentication
defend
vulnerability

17 Aug 2020

In this video Mo Khan describes how to integrate the ORT into the GitLab pipeline to produce a license scanning report.

* https://github.com/oss-review-toolkit/ort
* https://gitlab.com/gitlab-org/security-products/tests/java-maven/-/merge_requests/97
  • 1 participant
  • 5 minutes
scanning
license
gitlab
toolkit
ort
docker
software
analyzer
exporting
project

6 Aug 2020

Preview session for the upcoming Secure & Defend Section Group Conversation livestream scheduled for 2020-08-06. Hear updates related to the Secure & Defend stages from David DeSanto, Todd Stadelhofer, and Wayne Haber.
  • 3 participants
  • 11 minutes
security
fuzzing
analyzers
monitoring
configure
updates
sas
policies
processing
secure

27 Jul 2020

In this video Mo Khan, a Senior Backend Engineer, demos GitLab Security features in a Limited Connectivity Environment. The walkthrough also provides information on how to configure Secure tools in Offline/Limited Connectivity environments.
  • 2 participants
  • 59 minutes
setups
gitlab
offline
docker
bastion
hosted
demoing
packages
firewall
devops

22 Jul 2020

Weekly meeting for the Secure:Threat Insights group
  • 5 participants
  • 24 minutes
implementation
reordering
issue
added
workflow
tweaks
thinking
planning
threadingsite
refinement

17 Jul 2020

No description provided.
  • 1 participant
  • 11 minutes
security
vulnerability
tweak
insights
triage
enhancement
scanners
secure
strategy
noticed

7 Jul 2020

Weekly meeting for the Secure:Threat Insights group
  • 9 participants
  • 29 minutes
filtered
discussion
demos
watch
deer
report
insights
threat
thing
dashboard

6 Jul 2020

The DAST team walks through the issues/epics needed to bring DAST On-demand scans to life.
  • 4 participants
  • 1:04 hours
milestones
workflow
refinement
manages
version
iterations
scanned
deliverables
schedule
validation

1 Jul 2020

No description provided.
  • 1 participant
  • 4 minutes
dashboard
vulnerabilities
filtering
security
message
configured
dashboards
vulnerability
error
improve

23 Jun 2020

Philippe Lafoucrière, Distinguished Engineer in Secure & Defend, demonstrates how to load Docker images onto an offline GitLab instance.
  • 1 participant
  • 5 minutes
github
secure
repository
hosted
gitlab
dependencies
commit
ci
registry
cloud

23 Jun 2020

Secure stage brainstorming session on handling SchemaVer changes made to our Security Report Schemas


Agenda doc: https://docs.google.com/document/d/179JL5RzbgSIz2XZewbYn79cuX7_vUtte_TcoLwUUC5o/edit#


Security Report Schemas: https://gitlab.com/gitlab-org/security-products/security-report-schemas
  • 5 participants
  • 52 minutes
security
revisions
requirements
validating
schema
issue
approvals
discussion
patch
scanning

17 Jun 2020

  • 1 participant
  • 5 minutes
secure
finalize
functionality
improvements
prioritizing
maintaining
trackers
scanning
slow
issue

17 Jun 2020

13.2 Release kickoff for Threat Insights group discusses what's in store for Vulnerability Management.
  • 1 participant
  • 10 minutes
vulnerability
enhancements
gitlab
security
detection
vulnerabilities
scanners
important
notice
tweaks

17 Jun 2020

00:18 AST market
02:50 SAST, spell checker, identify by patterns
04:13 secret detection, API keys
04:46 DAST, deployed code
06:37 dependency scanning
08:04 container scanning
09:15 licence compliance
09:47 Fuzzing, business logic flaws
18:00 SAST, false positive, pattern matcher, spell checker
22:52 IAST
25:16 it sucks to set up fuzzing currently in most cases
33:10 fuzzers, logical flows, API's [...], SAST, DAST, heartbleed
  • 6 participants
  • 51 minutes
security
ast
testers
deploying
scrutiny
advanced
sca
defend
briefings
services

11 Jun 2020

Preview session for the upcoming Secure & Defend Section Group Conversation livestream scheduled for 2020-06-15. Hear updates related to the Secure & Defend stages from David DeSanto, Todd Stadelhofer, and Wayne Haber.
  • 3 participants
  • 9 minutes
security
fuzzer
alerts
priority
buzz
secure
stuff
service
management
peach

11 Jun 2020

No description provided.
  • 3 participants
  • 43 minutes
security
dashboards
router
previous
planning
monitoring
browser
advanced
concerns
delegated

11 Jun 2020

Covers the dast-benchmark tool and workflow for creating baseline applications for benchmarking.
  • 2 participants
  • 28 minutes
benchmark
scanning
comparisons
vulnerabilities
query
tooling
verification
test
access
methods

10 Jun 2020

No description provided.
  • 4 participants
  • 1:09 hours
versioning
semantic
version
specification
versions
patch
intermediate
updates
meta
subversion

5 Jun 2020

No description provided.
  • 1 participant
  • 5 minutes
bitwise
critical
vulnerabilities
complicated
variable
options
statement
bit
variants
nested

20 May 2020

Reviewing a low-cost experiment aiming to drive direct feedback from users, reinforcing contribution guidelines, and possible user research recruiting
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/218369
  • 1 participant
  • 5 minutes
guidelines
users
license
contribute
notice
openness
secure
downside
compliance
issue

20 May 2020

Reviewing epics with ux/usability improvement recommendations at the project and group level

0:00 - 2:57 context and current ux demo
2:57 - 20:18 epic issues overview (project level)
20:18 - 22:08 epic issues overview (group level)

epics:
https://gitlab.com/groups/gitlab-org/-/epics/2319
https://gitlab.com/groups/gitlab-org/-/epics/3202
  • 3 participants
  • 22 minutes
approvals
security
license
checks
accountability
approver
improvements
allowing
monitoring
vulnerabilities

15 May 2020

  • 1 participant
  • 6 minutes
scanning
secure
utilization
updates
mvc
license
ast
bot
standards
documentation

15 May 2020

reviewing issue: https://gitlab.com/gitlab-org/gitlab/-/issues/13298
0:00 - 2:15 context and problem overview
2:15 - 3:45 proposal review
3:45 next questions/considerations
  • 1 participant
  • 5 minutes
testing
vulnerabilities
scanning
projects
dashboard
detection
security
vulnerability
noted
ux

15 May 2020

A quick walkthrough of an early UI improvement ideation for the issue: https://gitlab.com/gitlab-org/gitlab/-/issues/198034
  • 1 participant
  • 3 minutes
dependencies
vulnerability
link
vulnerabilities
dependency
moodle
ux
issue
visible
popover

13 May 2020

Working session to discuss how DAST will get to complete.
  • 7 participants
  • 1:33 hours
large
dex
complicated
smalls
epochs
medium
lengthy
sizing
effort
analyzing

11 May 2020

No description provided.
  • 6 participants
  • 33 minutes
refinement
planning
consideration
implementation
transitioning
proposed
responsibilities
guidance
having
process

11 May 2020

No description provided.
  • 6 participants
  • 57 minutes
merging
dependencies
consider
licensing
problematic
dependency
forking
versions
duplication
review

11 May 2020

No description provided.
  • 11 participants
  • 34 minutes
policies
approvals
regulatory
discussion
manage
functionality
stipulates
allowing
organizational
policy

8 May 2020

A video where we discuss the differences between:

Passive scans
Active scans
Full scans
API scans
Authenticated scans
  • 2 participants
  • 14 minutes
scan
passive
proxy
scanned
scanning
process
scans
active
server
access

7 May 2020

Final working session to define and scope SAST to Complete.
  • 9 participants
  • 1:18 hours
assess
tedious
refinement
analyzers
complexity
metacognition
amending
discussed
process
tasks

6 May 2020

DEC scoring session of candidate scope for SAST to be declared Complete.
  • 12 participants
  • 1:42 hours
capabilities
sizings
analysis
big
ship
complexity
refinements
scrutinized
scale
supporting

5 May 2020

This is the second half of the first working session we had to define what it means for SAST to be declared complete.
  • 6 participants
  • 51 minutes
analyzers
severity
concerns
capabilities
amending
processing
vulnerability
analyzer
report
considerations

5 May 2020

No description provided.
  • 3 participants
  • 14 minutes
secure
security
protect
securing
proactive
defend
vulnerability
protecting
threat
demoed

27 Apr 2020

  • 3 participants
  • 36 minutes
thorough
dependencies
hub
gitlab
analyzers
technical
initiatives
workflow
features
versioning

24 Apr 2020

This video demos how GitLab pipelines can integrate with Jenkins and poll the status of a Jenkins job in order to trigger further stages in the pipeline.
  • 4 participants
  • 21 minutes
process
jenkins
vulnerabilities
secure
deploying
fail
approvals
pipelines
capabilities
rfp

16 Apr 2020

Session on backlog refinement for weekly secure planning office hours
  • 5 participants
  • 23 minutes
log
editing
issue
workflow
comments
loggers
maintenance
slack
refinement
planning

13 Apr 2020

Discussion on secure analyzer and orchestrator versioning strategies and upcoming deprecations


Relevant issues:
- Replace x-y-stable docker images with major tag for Security Products https://gitlab.com/gitlab-org/gitlab/-/issues/207128
- Pin minor version of SAST, DS analyzers https://gitlab.com/gitlab-org/gitlab/issues/10290
- Pin the minor version of Security Products (tools and analyzers) in the vendored templates https://gitlab.com/gitlab-org/gitlab/-/issues/9725
  • 7 participants
  • 58 minutes
updates
versioning
major
security
stable
version
concerns
sas
repository
analyzers

3 Apr 2020

Prep walkthrough ahead of the upcoming Think-BIG session with the Secure & Package team. The review includes:
• Container scanning configuration required at the project level https://docs.gitlab.com/ee/user/application_security/container_scanning/
• Displaying container vulnerabilities detected
• Filtering vulnerabilities from multiple images
• Suggested solution, current UX: create merge request with updates
• Suggested solution, future UX: auto-created merge request
• Suggested solution, future UX: show in merge request findings and solutions
• Secure/Package improvement issues for consideration
  • 1 participant
  • 8 minutes
vulnerabilities
scanning
security
docker
patch
container
vulnerability
git
widget
detected

2 Apr 2020

  • 1 participant
  • 5 minutes
registry
dependency
npm
defenses
needs
script
repository
dependencies
configured
verify

30 Mar 2020

0:00 - 06:29 A brief history: proprietary software, free software movement, and open source
06:29 - 9:57 What are software licenses and what makes code open source?
9:57 - 15:25 Current UX review and next steps
  • 1 participant
  • 15 minutes
software
licensing
proprietary
version
hobbyists
introduction
gpl
hackers
freedoms
royalties

25 Mar 2020

In this video we will try to explain the relationship between the vulnerability_feedback and vulnerability_occurrence data models. This will change in the near future. https://gitlab.com/gitlab-org/gitlab/-/issues/205489
  • 1 participant
  • 5 minutes
fingerprints
vulnerability
mrv
project
important
persistence
analyzers
fingerprint
issue
vulnerabilities

25 Mar 2020

No description provided.
  • 9 participants
  • 1:03 hours
setup
checkpoint
jssh
demoing
scan
remote
bastion
capabilities
licensees
killcam

20 Mar 2020

Related issues:
Add a new `id` property to replace the legacy `cve` in JSON common security report format: https://gitlab.com/gitlab-org/gitlab/issues/36777
Change vulnerability feedback identification: https://gitlab.com/gitlab-org/gitlab/-/issues/205489
  • 6 participants
  • 34 minutes
identification
remediations
cbi
matters
secured
analyzers
cvid
revisit
unique
improving

20 Mar 2020

No description provided.
  • 14 participants
  • 50 minutes
demoing
sas
interim
prepping
host
setup
instructions
policy
present
project

19 Mar 2020

00:00 - 00:30 Introduction
00:30 - 02:50 Classification review
02:50 - 05:11 Current UX in Projects license compliance section
05:11 - 07:50 Current UX in merge request (newly detected licenses)
07:50 - 10:18 Latest proposal iteration review
10:18 - 11:07 Wrap up and next steps

Issue seen in video: https://gitlab.com/gitlab-org/gitlab/-/issues/196845
A related issue, displaying out-of-compliance: https://gitlab.com/gitlab-org/gitlab/-/issues/33870
  • 1 participant
  • 11 minutes
approvals
license
deny
flagged
clarifying
approved
licenses
approval
allow
configuration

18 Mar 2020

No description provided.
  • 1 participant
  • 10 minutes
package
docker
offline
npm
gitlab
configure
remote
server
inspect
repository

17 Mar 2020

UX iteration review on dependency list UI to improve displaying vulnerabilities, usability, readability
00:00 - 02:25 context and problem overview
02:25 - 08:02 iteration proposal review
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/195928
  • 1 participant
  • 8 minutes
vulnerability
dependencies
vulnerabilities
status
issue
fixes
security
important
glance
dashboard

16 Mar 2020

License Compliance in air-gapped networks
  • 9 participants
  • 55 minutes
licenses
implementation
compliant
detected
dependencies
existing
registry
concerning
manage
processes

16 Mar 2020

No description provided.
  • 12 participants
  • 23 minutes
internet
gitlab
offline
manages
remote
roadmap
network
disconnected
initiative
boundaries

15 Mar 2020

  • 1 participant
  • 8 minutes
license
allow
approved
maintainer
policies
allowing
licenses
deny
actionable
subtle

13 Mar 2020

No description provided.
  • 5 participants
  • 29 minutes
firewall
air
configuration
hosts
connectivity
ports
ssh
allowing
gapped
interface

12 Mar 2020

00:00 - 03:20 context, current UX, and problem to solve
03:20 - 04:42 latest iteration solution overview
04:42 - 06:08 issue feedback, next steps, and conclusion

Issue (license compliance): https://gitlab.com/gitlab-org/gitlab/-/issues/33870
Related issue (dependency list UI polish): https://gitlab.com/gitlab-org/gitlab/-/issues/195928
  • 1 participant
  • 6 minutes
licenses
maintainer
policies
detected
approval
license
considerations
violation
configured
allow

11 Mar 2020

This demo walks through how to configure DAST to run in an air-gapped, or offline, networked environment. For more information, read
https://docs.gitlab.com/ee/user/application_security/dast/#running-dast-in-an-offline-air-gapped-installation
  • 1 participant
  • 6 minutes
offline
gas
docker
webgoat
download
tasks
server
demo
pull
connections

11 Mar 2020

  • 5 participants
  • 56 minutes
scanning
project
setup
implementation
process
sas
problems
providing
scan
operating

5 Mar 2020

No description provided.
  • 1 participant
  • 12 minutes
troubleshooting
scanning
issue
mou
merge
permissions
process
bug
tweaking
fork

3 Mar 2020

Security Approvals outside of the Merge Request context
  • 3 participants
  • 30 minutes
approvals
approver
dashboard
bypassing
approvers
approval
merge
secure
manage
emergent

27 Feb 2020

Brown Bag about Constraint Solving and practical applications. Edit: During the presentation, I wrongly used the term “assigning value”. Instead, I should have said “Impose an equality constraint”; On slide 27: The v_000 is redundant. We can remove it and start from v_001 instead.
  • 8 participants
  • 1:12 hours
solvers
implementing
boolean
constraint
formulating
symbolic
solver
solving
problems
capabilities

26 Feb 2020

Demonstrates the autoremediation feature added to Container Scanning in release 12.8
  • 1 participant
  • 5 minutes
docker
vulnerabilities
remediation
commit
scanning
container
executed
repository
dockerfile
project

25 Feb 2020

This video goes over the Secure Data Model objects as they appear in the database.

This was recorded Feb 25, 2020.

More information on the Secure Data Model can be found here on the issue below, including links to supporting documents.
https://gitlab.com/gitlab-org/secure/brown-bag-sessions/issues/5
  • 7 participants
  • 1:00 hours
secure
backend
discussed
handle
database
brownback
access
relying
intonating
background

21 Feb 2020

GitLab provides Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Container Scanning, and Dependency Scanning to help you deliver secure applications along with License Compliance.

The security scans display vulnerabilities in a uniform UI where a developer can resolve them before merging to master. The Security posture of a project or group of projects can be further assessed via the Security Dashboard.
  • 1 participant
  • 5 minutes
security
workflows
gitlab
gil
scanning
vulnerabilities
lifecycle
developer
oversight
analyzes

21 Feb 2020

00:00-01:56 background context
01:56-03:07 problem and ideation
03:07-08:06 design review

Related issue: https://gitlab.com/gitlab-org/gitlab/issues/202224
Problem validation issue: https://gitlab.com/gitlab-org/gitlab/issues/7149
  • 1 participant
  • 8 minutes
license
validation
project
auditing
issue
dashboard
software
policies
scanning
documentation

20 Feb 2020

00:00-03:15 problem context
03:15-06:47 proposal ideation
06:47-10:30 discovery questions

%12.9 discovery overview looking into creating a security member for our upcoming auto-remediation feature, which auto-creates merge requests with fixes to vulnerabilities.

Discovery issue: https://gitlab.com/gitlab-org/gitlab/issues/197349
Related previous discovery, MVC (auto-creation of merge requests): https://www.youtube.com/watch?v=pbRhf0LHgq8&list=PL05JrBw4t0KrFCe5BgUkzFrZifjforQOz&index=13
  • 1 participant
  • 11 minutes
bots
permission
auto
merge
configuring
users
mvc
fix
bot
opts

17 Feb 2020

0:00-4:23 Context and flow configuring SAST, License Compliance, Dependency Scanning
4:23-9:47 Proposal when the user selects to configure DAST and/or Container Scanning UX
9:47-12:27 Related flow: untested projects on group dashboard anchors to the project configuration screen

Related issue: https://gitlab.com/gitlab-org/gitlab/issues/34771
Related video: https://www.youtube.com/watch?v=gKtVOMt5WO0
  • 1 participant
  • 12 minutes
configuring
analyzer
mvc
secure
merge
workflow
scanned
facilitating
licence
dashboard

4 Feb 2020

Reviewing the latest UX iteration for this issue: https://gitlab.com/gitlab-org/gitlab/issues/196533

Related: recent auto-remediation MVC walkthrough https://www.youtube.com/watch?v=pbRhf0LHgq8&list=PL05JrBw4t0KrFCe5BgUkzFrZifjforQOz&index=13
  • 1 participant
  • 12 minutes
vulnerabilities
improvements
security
detected
issue
vulnerability
scanning
patches
clarifications
mvc

21 Jan 2020

This is an updated workflow of adbcurate, i.e., our tool for semi-automated advisory generation from NVD.
  • 3 participants
  • 55 minutes
advisory
debugging
adb
informations
updated
automated
analyzers
implementation
relevant
adviser

15 Jan 2020

GitLab 12.8 Kickoff - Secure:Dynamic Analysis
  • 1 participant
  • 1 minute
release
backend
secure
delivering
future
screen
12
getting
features
hi

13 Jan 2020

  • 1 participant
  • 1 minute
secure
security
vulnerability
repo
secret
launched
static
detection
enabling
sam

7 Dec 2019

A demonstration of how the AJAX spidering feature of DAST works, and the kind of problem it solves.
  • 1 participant
  • 3 minutes
spider
bacon
dust
scan
vulnerabilities
zap
ajax
spidering
alright
configuration

15 Nov 2019

0:00 - 1:26 • context and current UX
1:26 - 12:12 • MVC review
12:12 - end • resulting issues and next steps
Issue update: https://gitlab.com/gitlab-org/gitlab/issues/14059#note_245374632

Walking through a design iteration of auto-remediation MVC. This focuses on step 1, which is to auto-create merge requests that include fixes to vulnerabilities. Our next step, step 2, will focus on auto-merging MRs with fixes to further automate the workflow.
  • 1 participant
  • 16 minutes
merge
bot
mvc
dependencies
dashboard
usability
opted
enabling
patch
scanning

6 Nov 2019

Walking through a design iteration of auto-remediation MVC. This focuses on step 1, which is to auto-create merge requests that include fixes to vulnerabilities. Our next step, step 2, will focus on auto-merging MRs with fixes to further automate the workflow.

Issues update: https://gitlab.com/gitlab-org/gitlab/issues/14059#note_240956001
  • 1 participant
  • 16 minutes
remediation
vulnerabilities
dashboard
capabilities
fixes
vulnerability
reevaluate
bot
configured
annotation

24 Oct 2019

This video is one of the UX scorecard studies at GitLab. The purpose of a UX scorecard study is to identify, scope, and track the effort of addressing usability concerns within a specific workflow. Today we are focusing on the Secure area of GitLab; this is a feature for our Ultimate users.
The persona for this UX scorecard study could be security specialists, developers, or DevOps who take care of the security of their product.

The scenario for this UX scorecard study is: as a security specialist, my main task is monitoring and flagging events and running down high-priority tasks. I just upgraded my GitLab account, so I want to try out the security feature.
  • 1 participant
  • 14 minutes
security
dashboard
assess
manage
concerns
vulnerabilities
users
upgraded
vulnerability
setup

16 Oct 2019

Here are the details of why we need row-level locking for a Vulnerability Occurrence (to be renamed to Finding) when we decide to create a new Vulnerability from it and attach this Finding to it.
  • 1 participant
  • 7 minutes
vulnerability
occurrence
vulnerabilities
locking
ensure
security
examines
detected
databases
creation

16 Oct 2019

These are the details on why we need row-level locking for a Vulnerability Occurrence (to be renamed to Finding) when we decide to create a new Vulnerability from it and attach this Finding to it.
  • 1 participant
  • 7 minutes
vulnerability
occurrence
vulnerabilities
locking
ensure
creation
security
examines
risk
association

9 Oct 2019

This video demonstrates how the Secure group leverages the multi-project pipeline feature of GitLab to test analyzers end to end.
  • 1 participant
  • 4 minutes
analyzers
pipelines
project
process
testing
analyzer
dependency
pip
multi
pipeline

26 Sep 2019

The Secure team reviewing the current state of license compliance feature, discussing priorities, and outlining next steps.

License compliance list issue: https://gitlab.com/gitlab-org/gitlab/issues/13582
Discovery, license policy MVC: https://gitlab.com/gitlab-org/gitlab/issues/12941
  • 4 participants
  • 17 minutes
licensing
important
ui
compliance
maintainer
discovery
clarifying
implementation
visible
policy

23 Sep 2019

This is a walkthrough of how the DAST repository and project are put together.
  • 11 participants
  • 58 minutes
researcher
security
tasks
github
introduce
testing
docker
labs
topic
automated

19 Sep 2019

This is a short demo about adbcurate, a tool for automated advisory generation.
  • 5 participants
  • 52 minutes
advisements
capability
security
manages
advisory
currently
2017
execution
important
advisers

9 Sep 2019

Quick demo on progress for enabling Web Application Firewall for Kubernetes

Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/65192
  • 5 participants
  • 29 minutes
kubernetes
workflow
firewall
devops
enabling
ajax
project
screens
docker
ip

8 Sep 2019

No description provided.
  • 1 participant
  • 3 minutes
priority
security
enhancements
remediation
vulnerabilities
performance
software
priorities
fix
management

4 Sep 2019

This is a casual Q/A discussion with Lucas C, GitLab's Sr. engineer who helped build our SAST functionality for APEX code in GitLab. In this video you'll see us discuss:

1. Overview of SAST in GitLab. Brief review of visual diagrams.

2. Details around how we leverage PMD under the hood and what all is currently supported for scanning.

3. Demo of how to set up SAST on a new project that has APEX code starting from a blank .gitlab-ci.yml template. Also we touch on setting up optional approval groups from Security teams.

4. How to leverage SAST in our existing Salesforce Project Template's .gitlab-ci.yml. In the video we create this MR: https://gitlab.com/sfdx/sfdx-project-template/merge_requests/2

Also check out resources at:

1. https://gitlab.com/sfdx
2. https://docs.gitlab.com/ee/user/application_security/sast/
3. https://pmd.github.io/pmd/
  • 2 participants
  • 32 minutes
security
sassed
scan
testers
advanced
license
program
presume
sas
process

19 Aug 2019

UX team reviews and ideates on low-fidelity designs for day I and setup UX for Secure features
  • 4 participants
  • 21 minutes
license
vulnerabilities
dashboard
secure
configured
issue
process
management
onboarding
capability

13 Aug 2019

We are talking about the right approach to moving Security scanning reports from the Frontend to the Backend. This is related to an epic [0] in order to resolve technical debt; furthermore, this enables us to work on removing a docker-in-docker requirement for certain scanning types ([1]) and clears the path to deliver better UX for our features [2].


[0]: https://gitlab.com/groups/gitlab-org/-/epics/1425
[1]: https://gitlab.com/groups/gitlab-org/-/epics/971
[2]: https://gitlab.com/gitlab-org/gitlab-ee/issues/12896
  • 8 participants
  • 35 minutes
pipelines
dashboards
refactoring
migrate
processing
recap
endpoint
backend
ports
merge

12 Aug 2019

Weekly meeting of GitLab employees in the Secure stage.
  • 6 participants
  • 17 minutes
soon
going
thanks
having
alright
come
hope
monday
send
concerns

12 Aug 2019

Weekly meeting of those in GitLab's combined Static and Dynamic Analysis groups.
  • 3 participants
  • 13 minutes
reconciling
going
planning
concerns
teams
transition
currently
conversation
ahead
split

5 Aug 2019

Weekly stage-wide meeting for engineers in the Secure section.
  • 7 participants
  • 21 minutes
hey
taking
weekend
lab
alrighty
morning
aboard
thanks
comments
good

1 Aug 2019

In this video, we discuss how permissions are implemented in GitLab codebase and what policies we use for Secure features.

https://gitlab.com/gitlab-org/security-products/brown-bag-sessions/issues/1
  • 4 participants
  • 24 minutes
permissions
policies
permission
maintainer
authorized
github
security
access
private
allows

26 Jul 2019

In this video we discuss the backend implementation around the Security Approvals in Merge Requests MVC.

https://gitlab.com/gitlab-org/gitlab-ee/issues/9928
  • 5 participants
  • 29 minutes
approvals
security
gitlab
approvers
demoing
approval
licenses
gates
process
proposal

15 Jul 2019

Weekly team meeting from 15 July, 2019.
  • 10 participants
  • 20 minutes
comers
chats
volunteer
announcements
joining
introduce
slack
cam
scheduled
aboard

15 Jul 2019

Secure Group discussing this issue: https://gitlab.com/gitlab-org/gitlab-ee/issues/10479
  • 3 participants
  • 16 minutes
project
virtual
problem
processing
prototype
architectures
proposal
technical
configuration
tool

8 Jul 2019

Weekly team meeting from 8 July, 2019.
  • 8 participants
  • 17 minutes
analyzers
bot
discussion
generic
security
scans
issue
labels
improving
investigating

8 Jul 2019

Secure Group discussing this issue: https://gitlab.com/gitlab-org/gitlab-ee/issues/10479
  • 4 participants
  • 32 minutes
workspaces
project
dependencies
needs
docker
repository
process
working
existing
refactoring

6 Jul 2019

Walkthrough of a Secure feature: license management, which is included in our Ultimate tier. It’s important to note that this feature is at a very early stage and is currently considered as an MVP. There are a lot of upcoming improvements so this video will quickly get outdated.

This is part of the GitLab Design team’s Baseline-Experience initiative, where we audit our existing core features quarterly and propose improvement recommendations.

Experience Baseline Documentation: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/
Related issues:
https://gitlab.com/gitlab-org/gitlab-design/issues/402
https://gitlab.com/gitlab-org/gitlab-design/issues/478
Secure UX: https://about.gitlab.com/handbook/engineering/ux/stage-group-ux-strategy/secure/
  • 1 participant
  • 13 minutes
licenses
maintainer
security
tasks
manage
licence
auditing
approvals
license
gate

1 Jul 2019

Kyle walking through a design recommendation for the layout on our Security Dashboard feature.

Secure UX team: https://about.gitlab.com/handbook/engineering/ux/stage-group-ux-strategy/secure/index.html
Baseline Experience: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/
  • 7 participants
  • 29 minutes
security
users
initiative
dashboard
duties
manage
consideration
navigating
ahead
vulnerability

27 Jun 2019

Philippe Lafoucrière, Distinguished Engineer, explains why and how Docker-in-Docker (DinD) is used for our Security Products, and the common pitfalls when configuring privileged GitLab Runners.
  • 4 participants
  • 26 minutes
functionality
careful
chrome
sas
darker
security
troubleshooting
analyzers
understand
spec

24 Jun 2019

No description provided.
  • 6 participants
  • 35 minutes
retrospectives
discussion
planning
ahead
postpone
timing
foresight
decisions
attending
considered

24 Jun 2019

No description provided.
  • 7 participants
  • 30 minutes
sas
docker
fixes
executed
issue
linux
phillip
platform
mac
fail

18 Jun 2019

Walking through design recommendation for the layout on our Security Dashboard feature. This is part 2 of our Baseline Experience initiative.

Links:
Security Dashboard Documentation: https://docs.gitlab.com/ee/user/application_security/security_dashboard/
Baseline Initiative: https://about.gitlab.com/handbook/eng...
Part 1 issue, audit: https://gitlab.com/gitlab-org/gitlab-design/issues/401
Part 1 experience walkthrough: https://www.youtube.com/watch?v=_JtUdaTyAbk&list=PL05JrBw4t0KqkW0oPW3n0HqVgKcONVnO5&index=3
Part 2 issue, recommendation: https://gitlab.com/gitlab-org/gitlab-design/issues/460
  • 1 participant
  • 8 minutes
vulnerabilities
dashboard
visible
vulnerability
reviewing
gitlab
filtering
prioritizing
security
screen

15 Jun 2019

Quick overview of the features under the Secure SCA group:

- Intro 0:08
- Dependency Scanning: 0:49
- Container Scanning: 6:36
- License Management (being renamed License Compliance): 13:06
- Vulnerability database: 20:39
- Misc: 25:37
  • 5 participants
  • 32 minutes
packages
gitlab
dependencies
repository
workflow
functionality
bot
manager
project
dashboard

4 Jun 2019

Walking through "job to be done" baseline experience: When reviewing vulnerabilities for multiple projects, I want to see them all in one location, so that I can prioritize my efforts to resolve or triage them while seeing the larger picture.

Overview: the dashboard feature is at an early product stage and considered an MVP. The user we are designing for works in an organization's web security department, in roles such as security analyst, security engineer, or head of security. Some mid-to-smaller organizations may not have a dedicated security department, though; in this case the users would likely be developers, tech leads, and DevOps engineers.

Links:
Security Dashboard Documentation: https://docs.gitlab.com/ee/user/application_security/security_dashboard/
Baseline Initiative: https://about.gitlab.com/handbook/engineering/ux/experience-baseline-recommendations/#grading-rubric
Issue: https://gitlab.com/gitlab-org/gitlab-design/issues/401
  • 1 participant
  • 6 minutes
security
dashboard
reviewing
vulnerabilities
users
vulnerability
gate
scanned
deployment
tech

5 Apr 2019

Secure group brainstorming about the Bill of Materials upcoming feature.

https://gitlab.com/groups/gitlab-org/-/epics/858
  • 4 participants
  • 28 minutes
packages
dependencies
package
versions
dependency
context
implementation
repository
modules
project

11 Mar 2019

One of the challenges the Secure team is facing is being able to reliably track vulnerabilities between commits, when their location has changed. This is a short video showing why and how to address this issue.

https://gitlab.com/gitlab-org/gitlab-ee/issues/7586
  • 1 participant
  • 7 minutes
vulnerability
sas
analyzes
fix
vulnerabilities
issue
tracking
security
vernor
dashboard

20 Feb 2019

No description provided.
  • 8 participants
  • 26 minutes
capabilities
comments
patches
monitoring
secret
collaboration
considering
gillip
gately
intel

5 Feb 2019

In this video we present our vision for the Secure stage and the roadmap for the next months.

You can read more on https://about.gitlab.com/direction/secure/
  • 1 participant
  • 12 minutes
secure
gillip
critical
security
advanced
software
monitored
vulnerability
secured
protection

17 Jan 2019

Retrospective of the 11.7 iteration in the Secure Team. As usual, we cover what went well, what went wrong, and what can be improved.
  • 7 participants
  • 27 minutes
eventually
updates
issue
delaying
currently
6666
retrospective
incremental
ensuring
process

2 Nov 2018

Preview of the upcoming Security Dashboard at the Group level by Sam Beckham (Secure Team).
  • 1 participant
  • 8 minutes
vulnerabilities
overview
dashboard
security
sassed
critical
dummy
vulnerability
group
scanning

19 Sep 2018

Discuss the API for the Security Dashboard at the group level.
This meeting was to discuss and validate the final contract between backend and frontend. More info: https://gitlab.com/gitlab-org/gitlab-ee/issues/6709
  • 5 participants
  • 49 minutes
dashboards
query
endpoint
api
backend
interface
security
summary
cves
filtering

18 Sep 2018

Kickoff of the Security Dashboard at the group level with the Secure Team (including backend, frontend, and UX members).
This meeting was to discuss and validate the Final “incremental” design. More info: https://gitlab.com/gitlab-org/gitlab-ee/issues/6709
  • 7 participants
  • 59 minutes
dashboard
discussion
finalize
filtering
incremental
features
simulation
planning
updates
configuration

8 Jan 2018

In this session, we are scheduling the tasks for the next iteration (GitLab 11.8, starting January 8th, 2018).
After the planning meeting with the Product Manager, we need to evaluate what the team can commit to, depending on each task's complexity, but also on the team's availability.
  • 8 participants
  • 1:08 hours
issue
planes
tuning
planning
alright
maintenance
dashboard
triage
steering
currently