From YouTube: GitLab 11.7 Retrospective - Secure
Description
Retrospective of the 11.7 iteration in the Secure Team. Like usual, we cover what went well, what went wrong, and what can be improved.
A
The solution, from my point of view at least, would be to make sure that we end up all the written by the end of the month and not the future fit so that we have some time to discuss with reviewers if needed, to spot and fix bugs in the current iteration before it's getting shipped to work on all the things. That would be a left over for the next iteration. But do you think that I.
C
Yeah, we had an issue that was kept late, that's the one that was resolved today and I don't know if the better solution would have been to not ship the project filter because we didn't have a doughnut didn't have enough time. So we brain is already falling and yeah and I also think that some UX things, but it's it's good. It aligns with our iteration value that we just can go and better things up in the next iterations.
B
Yeah, Lucas, I have a ticket in for that. That's aligned with the ticket you put in for the UX stuff. I think we did get crunched on time again, I think the GDK or some issues with how data is coming in and we can see it was a problem when I reviewed it. I don't think there were more than 20 projects to see.
C
Yeah, I tend to come in the state because, as far as it's you know, because of the missing seating, it's hard, you know, and you run into issues whether it's just you X just UX or also performance issues. Then suddenly your project has like 10,000 vulnerabilities or something like that, right, so and the step just happens and you just encounter these issues once you actually use it, and I mean that people are encountering these issues is actually good because it means they started using it and they found something.
C
I mean it will never be a hundred percent safe and I mean issues around not having anything or around I think too much always there. So yeah, I just wanted, because otherwise I'm just a positive, I just wanted to put something on the bad side of things, maybe on a VA c'e yet and yeah we can switch over and.
A
I think it's converging also in the idea of having this last week between the end of the month and the future frames to do the 10 things if we have something deployed on staging or dev, and you can ping me on this, it's really out. It's really good to have another pair of eye on that kind of features, because, as you can see with that issue with just a few seconds and a few clicks, I was able to spot that kind of bug.
A
I I mean I'm not saying that I'm better than the other two spot, that kind of bugs, but I'm coming from different context, and you know just stepping back from time to time it it's it's good good to spot the kind of things, so I would like to spend that time at the end of the iteration to really test the picture from end to end without anyone in on my shoulders. Behind my shoulder saying you should click there. I should click myself and make the war process or user experience myself.
D
I'd say that just is exactly what the review app is aiming at, because I think we should do that at the time of merging the feature. That is when it's switching the final merge request, because we have a lot of merge requests right now stuff. Just before closing the issue, the last merge request, the review app for that merge request should really be the place to do the QA of a feature, I mean.
C
Honest, I think it's fine like it happened with the project on. I don't think it's fine that's so late. I think it's perfectly fine that we merged something where we just can filter up any project and then iterate on it, and it's just a bit unfortunate that we had to do another mod that needs to be taken out by release manage of those, but other than that I think it's, it's fine, and you're completely right. We review apps. That would be amazing if we could leverage them more early in the process that could.
D
Now I am the quality team in the discussion group yesterday talked about that, and this is actually one thing they are focusing on to improve the reliability out there of the viewer. Do you have because also implies some smoke test, because some of the test jobs are running on the review apps too, so they will be fixing that, and the other thing that is currently blocking the Secure team is that it's something to China. We work on in this situation is that we don't really see it correctly.
A
And that's exactly what I wanted to add. We don't sing that correctly and in the case of this issue, we were also waiting for some other features to store the data in the database. So even if we had the review app in place, we wouldn't be able to test that correctly, because the database would be pretty empty.
D
So it just went out to right from my mind and it was before the Christmas holidays, and we just figured that this week you figured that Phillip when trying to display defensive scanning issues in orbit is on on the group security dashboard. So we shipped on production because it was a release candidate. So in production we shipped the adding of defensive scanning vulnerabilities to the group level security dashboard, but it was empty.
D
So it's not a big issue, but it demonstrates that we should force ourselves to stick more to the process and avoid delaying, even if it's technically possible, this shows wrist. This should stay really rare and we should take more care about staying the process. I'm just keeping saying the same thing again, also I would just stop duckie.
D
Sorry, yeah, the second one is about storing continuous scanning reports in the database, so it was merged without being with you. But someone has a team and it actually went with some flows in masters. So we added a feature flag in the reach right before the code freeze, so that we are able to do some fixes before the the 19, because when you are using a feature freeze, you are able to do some changes until the 1970s.
D
The risk manager, of course, but in the end I think we finally deserved it, but it's not the decisions, that's right yet taken, but we may finally disable totally continue scanning due to other issues and because we also figured out that the model is, it's not the best right now to cover up committee needs for continue scanning, and it might not be a good idea to start filling the database if we want to change it or to add monetary properties in next iteration.
A
Okay, let's move to what can be improved, they're, forming the engineering evaluation with front and back end. I guess the only thing we can't change to improve that is making sure that we keep the last week. If you see something else, feel free to add that as a comment there, but otherwise just saying it, I won't, I'm really not sure it's going to solve the problem within.
A
There are I think in many rituals already, and we have so many issues that we don't have any spare time to work on, but what's coming next, my suggestion to Fabio was to create some kind of office always like it was suggested for for the UX and make sure that we had one meeting per week to discuss on the next issues of the next iteration. That's the only way for everyone to come with their homework and actually discuss about that. Otherwise, I'm completely fine, saying you.
D
Yeah, I think it's just a g-tube how our team is made. What we're working on, I mean for the the cut deep, I mean the feature that that was delayed or scrubbers reduced about providing them a patch for dependency scanning updates. It's something really complicated for people not familiar with the which is kind of feature, and on top of that we are also, I said, a new team not really familiar. Also, we get lab code base, so maybe, with the upcoming changes in 2019, we will be more focused on specific areas.
A
The first one is sometimes we are expecting some other dependency, the component that is developed by another, the team. We don't know if it's going to be ready or not, sometimes it's, for example, the reports we were waiting for them, not for that feature especially, but you see what I mean, we were waiting for the reports and if they are done, we can use them; if they are not, we need a plan B. So that's a lot of expectations and that's a lot of planning in advance.
B
I agree with that too, especially because they all of us all the different reports act so differently. So when I designed them I designed them to output to the user the same way and as we've seen in a few new issues, it doesn't really work like that. So it's even hard for me to understand like what how we should be showing this data to the user that's beneficial if it's kind of very different, right.
D
Just want to have a advertise and fit a flag, and such I already talked about it in the whippy butts was talking in in in the retrospective too, please if you're working on the race, the geek, library's application, of course, because we don't have such option on our side project, but please user. It's a feature flag, it it's three Andy and it allows two: it's not a good thing to rely on this, but it had Alps in some cases. So as I say, you can't kind of skip the code freeze pressure.
D
If you have your feature behind the feature flag, it's not good in terms of focused procrastinating and doing the job later, but it's good for avoiding the region rush and merging things within the hurry, because there is a code Free State. Instead, you can have one or two days more to correctly review and eventually fix some little things before granting it. So this is really easy to set up and please use it, and it's really only.
D
Even if we are not in an alpha state, because it's something really rare I'd love to use the term alpha or beta on the feature, because we are constantly iterating on every features. Actually so hey everything, it will be alpha or beta. But yes, basically, if you're interesting, introducing something you'd better, introducing it behind a feature flag. I've also forgot to mention. One important thing is about the default enabled option. You have to keep in mind that the feature flag.
D
You can act on the feature flag on our own environment like staging or the production environments, but you can't act on the feature flag for the on-premise instances from our customers. So it's really important to consider that if you set a photo labeled fast, false sorry, it will be disabled on all our customers' on-premise instances, so and the opposite is true.
D
If you've said, if all true like this is the case must continue scanning, and currently you have a merge request open because I put it with default enable true and I disabled it for the traditional revenant, but I have to submit another merge request to remove the default enable true, because we don't want the feature to work on the on-premise instances so keeping the quickest. Please keep this in mind when using the feature flag, I mean like it's.
F
I think it's more a lot of like practice, it's whether you think that something should be enabled by default, or whether it should explicitly and I put that like from my perspective, I said that, like everything should be enabled by default and as a last resort, you should have to disable something. It just makes nice like configuration, maintaining ensuring that everything is on the green path and like. If you see the static is okay.
F
It basically means that you don't have to do anything else on production and, like you know that it's working, if it's not working, you just can disable this feature ahead of the time before it's get deployed. But if you see working and you don't manage to fix that, you can quickly prepare a merge request and clear matters before we finish that, like before we being released, the actuality is not release candidate mm, so I mean it's it's after like to the to the example.
F
If something like I would say something is finished, and you are so that is finished, it should rather be enabled by default. If something is like in fly, it should be disabled by default, because this piece alone doesn't make sense to be a neighborhood, so I think it's based on basically on how complete is the feature. If it's like the incremental iteration that it's not finished I would say to disabled, if it's done just and I put it by default to not be part later on having to remove that.
A
Yeah technics ends all right for the sake of sign anywhere the opportunity to keep that meeting under the 30 minutes. So I think we are going to head for that, and we just have three points in what when where and we all we, we all will be able to attend the company cover, because there are a lot of announces today. So let's stop with a Tatiana. You wanted to talk about small dollars.
G
Yeah, so we have this big feature about futures in security dashboard and because it was splitted in a smaller tasks on different immerse, it allow us to treat is had an iteration and synchronize was pregnant. So it's not so good said there is no sample because maybe he have some different different vision of this process. But from my point of view it was great to have small immerse.
A
It is there anything else we didn't mention to these guys to improve? I think it's we are in January. I will take the other two minutes remaining or four-minute minutes remaining. I really like the idea of having once a year meeting with the team very casual. The best would be a retreat, but or not they're.
A
Here like me to organize that right now, it's going to happen in those are 19 not worried, but not really soon so again, something other than that to see what we could improve, not early, throw off the previous iteration, but the retro of the previous year. Now, probably a lot of areas in QA or, I don't know, in the processes that we can improve and we never take the time to discuss kind of things quickly.
A
So I will organize that if you don't mind and I will invite followed, you will have one more session with her a kind of brainstorming session and I'm pretty sure that a lot of good ideas could come from that kind of meeting, also some new features. This is the kind of meeting where, when we spot something that is meeting missing for us, we can convert that to a feature that will be helpful not only for our team but for lot of customers as well.