From YouTube: License Compliance Air Gap Live Demo 2020 03 25
A
B
Thanks dad so here's a scar cat that will try to complete this demo. Obviously the setup is the same as the one from success demo, so I will just quickly run through the explanation. We are leveraging two instances liam's the first one is guitar packet test, which is asking the key types of management stones and well so leverage the bastion host to do some intermediate connectivity stuff and checks data into the air-gap instance.
B
This is a sequence diagram that quickly explains how we are doing this. So from a local machine, I'm logging in to the bastion host via SSH, and from there I can read the killcam registry to code some scanner images, save them into tar file that I can then copy over SCP to the air-gap instance, where we can load them back into the registry and make them available to the CI jobs. The top number 5 is what we might vary depending on your environment setup and your political into the air-gap instance.
B
All right, so as explained in this quick sequence diagram, to get this license scanner into the air-gap instance, I first need to download them hold it from the bastion host. I'm using this really quick script, which is just specifying which image I want to download. It's pulling it here, saving it into a file which is not here stored on the file system, but instead, because it's too big abide in the image was a great tip to just gzip it and stream
B
it directly to the air-gap host, which is specified with this IP address here, and loaded directly. Thanks Mo for that quick tip. So I will just run that, and since it's two gigabytes it might take a while. So in the meantime, let's move forward and go to the air-gap test instance, where I want to make sure that I don't already have this license image available.
B
So by doing this, I'm basically asking the cremate the ker to tell me the list of images they have. Luckily we have the license in the name. We can see we have one image vehicle license management with the latest tag. We want just that one or it's fine, and I can also show you directly the gate level UI, where this image will be ultimately uploaded so that it will be used by the CI job.
B
So what is running? Let's have a look at a test project that has been set up on this test instance. As you can see, there is no velocity, IMF ISO and nothing has been configured yet. This is a sample Java project that contains some dependencies. Some of them have been commented out just for the purpose of that demo, and if you look at the license list here, you will see that there is nothing available, so first step will be to set up that and I will just for the purpose of the demonstration use
B
B
B
B
We don't have any documentation available yet for license compliance, because your work is still ongoing. I can quickly show you the documentation that has been added for general air gap support, which provides some of the example script that I was mentioning, and we also have some directly available documentation for
B
B
Here, so basically, here we are still loading the license scanning image, the license scanning jobs, sorry, that we are overriding it to specify that the image we want to use is this one. So it's currently leveraging the latest work, but we will override that, because this is not the one we want to use. Then we have some Maven CLI options that are being read in here, like we want to be in offline mode, we want to specify a given settings.xml file.
B
Obviously this is work in progress and this will be well documented and we might be fine we're looking for a better way to provide this and set up the air-gap environment. Now here we have a very simple job, which is testing that we are still not available to reach all of the internet from the CI job. So this is just doing
B
a wget to the register.com, and the job will succeed if this command is failing. All right, so we now are finished to copy the 1208 stable image over to Z, so the test aster. We should see it now. Yeah, we see it here, so this is not tagged correctly. So I just first need to retag that we have an image name that matches this instance, and then I can push it. As you can see, I've just used a custom tag name here, and we should see that now appearing here.
B
B
C
B
D
E
Okay, can I ask a question while we're waiting? Yep. So I'm just curious, what's the difference between the two images? Obviously you brought over the image. What I'm just curious look, what changes did we have to make in the image? I understand all the rest of the CI changes that were necessary, I'm just curious what the differences were in the image that you pulled over, so.
B
B
This is something we're trying to get rid of and move to, 17 versioning instead, so ultimately for the users, it will just be a matter of fetching license management, the column two or three. They could even pin to a specific minor tag if they want to, it will give them more flexibility. So this is something we are currently addressing into 2010 try to change that scheme, but basically it can pull whatever you want and use whatever tag you want.
B
It's just a matter of making sure that you're using the scanner that is compatible with the instance you're running. We try to stay backward compatible as much as possible, but it might be best to follow. Okay, so my license scanning job has been cancelled here, so I will need to retry it. Somebody's playing with that, we have a magician.
B
D
D
E
B
Whatever we're putting into the configuration and how we are providing this to air-gap customer, this line would definitely be something they will have to provide, whether it will be by an environment variable, so they don't have to override the job itself, to make this easier. They will still be responsible for this, but because this is really specific to their own environment. All right, so the scanning job is running now. Whilst it's running I would just want to highlight something also very specific to license scanning, and probably dependency scanning, is
B
We are injecting our scanner images within the air-gap instance so that we can scan the dependencies, but obviously to scan them, depending on the language of the package manager, we might need to access dependencies available too. The assumption is that, as you are building your project within the air-gap instance, you already have set up everything that's necessary to provide those dependencies to GitLab CI job when it's building the project. For the purpose of this demo, we would have required, for example, a Maven registry.
B
This is something that ships with GitLab, so we are doing some testing to push some custom packages to the Maven registry bundled with it the Keith Lemon's chance and this works, but I want to talk one more dependencies to show this demo I just go. We have another approach, which is about bundling the dependencies, so here we have an m2/repository directory within the git repository.
B
So when we are running Maven we are explicitly telling it that it has to use this m2/repository directory to find other dependencies, and I that they have already been added there. Automatically, when we are running the jobs, Maven is not trying to reach out to any remote repositories. But again, this might be a challenge, because this is what we can do for Maven; for some other type of packages, we can do the same, but it's not obvious. We got 13 different languages in license
B
E
B
B
Is for when building and also when pitching so the dependency, that's his project, his calling might be available. Well, this man up is a test project, but anyway it's working the same way. It's not part of the demo, because once again it's simpler to the demand or a job, but it will work seamlessly. The only issue at the authentication is itself, so.
D
That makes sense. That report shows that you can pull Maven project packages from the same project, as well as from a different project hosted in GitLab, as well as a private project that requires credentials. What we haven't done is actually like a separate Maven mirror within the same internet; we're just using GitLab's own Maven repositories.
B
Yeah thanks but I swear to make sure I understood thanks, yeah the channels, maybe not depending on which solution is used by the customer. They definitely managed to set this up to build the project, but we need to find a way to provide that same configuration to the scanning tool. So here the underlying tool is just a Maven plug-in, so we can just try to a way to propagate those configurations to the Maven command written by the tool. So it works. That's all some cases it might be harder.
B
Alright. So we now have the scanning job that completed. We can see that it's pants on licenses here. So let's have a look at what we are on the pipeline view now, so we can see there is a license tab available here and it's showing a license too for some other dependencies. If I'm clicking there I got some more metadata like the URL, if I'm clicking here.
B
Obviously, it's working because it's my local machine, which has access to the Internet, but depending on how your network is set up and how the engineer and your team members are working, whether on the internet-accessible or not network, this might break. This has been added to the documentation, I think. From there, I can also decide to black play start from license. So let's say I'm fine, a license, I can approve it and it will show up in the next merge request that this is something I am accepting.
B
B
This is another one because I just the product there's also a quick link from managing licenses directly from the configuration, and from there I can decide that I want to, for example, blacklist some more. So, let's say I don't want to have any MIT license in my project, I'm setting a policy that says I don't want any of this MIT license in my dependencies. This doesn't apply to the current request because we don't have any MIT, any dependency with an MIT license, so I'm good with that one, so I'm merging it and wise.
B
This will be merging on master. This I can show you that the license compliance page is empty, because this is only fed from what runs on the default branch and the scanning job that was currently running was in the feature branch, but now that we are merging it, a pipeline will run under the default branch, which is master, and when it's completed it will fill the license compliance list.
B
E
B
So while I'm here I also show the configuration page, which is something that's skipped, but this has me knighted recently and it tells you which of the secure features have been set up, and license compliance here is one of them. So it's here it's held that it's not yet configured because none of its jobs has been detected on the latest pipeline on the default branch. Again, this is looking at the default branch only hostility here.
B
B
B
B
This is definitely too long. This is something that is worth mentioning, license compliance is too long. Mori made several improvements to try to improve that, but to make the image smaller and to speed up the detection, but we still have a lot of work. Another approach that we are considering for the future is to break this down into multiple analyzers, to have one image for environment, because now the underlying tool, which is License Finder, is handling all the different environments for all the different packages and languages into the same Docker image.
B
I will take this time to go back to the SSL check. This is something I think we all agree that we want to support them in the detector some certificates. Obviously we don't want our, sorry, try to find back the line. We don't want our customer to use that kind of workaround and disable the SSL checks. So this is something that we are looking as a high priority for 2010, I think we all agree on that. Yeah.
E
C
C
D
D
This work with 12:7: well, yes, because 12:7, you still had before script, GitLab CI YAML and so, and you still had root on the image as well, so they can modify the image in whatever way they want. The part that I'm not sure of is like how they're gonna do it, if they would prefer to have the root CA installed right into the image's like trusted CA store, or if they want to be able to pass like a custom PEM file that they shell directly to do Maven.
D
C
B
One thing: what we need to keep in mind is that we have implemented a similar solution for all the security scanners, so we probably want to align with them in terms of UX. All right, so the pipeline on the master branch is now completed. So hopefully this will now show up here. Yeah, we have this Apache license to the or showing up here with the least, are the components that packages that are enlarging this using them.
B
C
B
B
B
Now that the pipeline is complete, it's working alright, so we know how to tick, tick, five, new licenses and yeah, we might be here, but it's still considered as unknown. This is not the best UI, or something we're working on, but the grey circle means we don't find any existing policy regarding that specific license. So you're all wondering, well, we disabled, we specifically blacklisted MIT license, so why it's not working? This is a known issue.
B
As you can see, this is reported as being MIT license, whereas what we put into the management of the licenses is just MIT, and this is something that we've done recently, which is about normalizing the license name to improve the matching. So this is not working in the air-gap instance, because we have a cron job that regularly checks the SPDX database to get the latest IDs.
B
Put them to our GitLab instance database and then make sure to update all the license that we found in the reports and update them to get this new ID. So we have normalization stuff happening at that moment, which makes the matching between the policies and the scandal that we find in the project to be way more efficient. And here it's failing, because this is not the same name.
C
C
C
E
C
D
B
So I just add MIT license as a blacklisted one, and now it's reporting correctly. So again, this would be fixed. We've tried to figure out a way to bundle that index into the Omnibus package so that it's available for self-managed instances so that it improves the matching algorithm. All right, so let's merge this one and please see this showing up in the license compliance page. As also a final point, I just want to make sure that we agree on how to prove that any album called we're made from the yep instance.
B
We tend to agree that having the check air-gap job showing that it's failing is enough, but we also were discussing that we need to do some netcat commands on the air-gap host. I was doing it yesterday with this. What I end up with is what I think we make more sense demonstrate that, so here is the log viewer from the instance, which is catching every traffic that is being handled by the rule that we've set up, and one of them being we disallow any outgoing calls.
B
B
B
B
B
B
B
Its mother working fire Billy last night when I was testing this so demos stuff anyway. This is something that we can dig further, but unless your specific netcat command that you wanted me to run to prove that. But my point was that running that netcat command from the air-gap host to try to reach out to the extent to the outside might not be a proof that you are fully air-gapped, because you can fail to reach out for any other reasons and then having a specific firewall blocking this I'm. An expert in that area.
E
Know the combination of the two, so you showed a pipeline fail when you hadn't properly set up the YAML with all the options, the overrides of the image name and so on, right? That was the first pipeline you did. If you go into the pipeline history, there's the one that failed license scanning, right, because it's range right, yeah, so I think that, combined with the running job that succeeds when you can't do a wget in.
E
B
F
Thanks for this. I add a comment in an item: I think we should be grading as we go. We don't forget the context of why fail, why pass, and call out. I also wanted to point a foster that we have single source of truth. So if there's like, I think I sort of truth in the scorecard, why the score's low, let's put it in the notes.
F
B
C
C
F
C
C
Well, let's go through and see if we need to go through anything again. Like it sounds like we were discussing point number 27, oh right now, so I guess we're going backwards, I don't know, but do we want to complete that conversation? The note they took was that the combination of the original settings file, and I should probably be specific, settings YAML file failure, combined with the running job, which I think it's called like check air gap, I think, or test air gap test.
C
E
C
So if we're looking at that, then we should be looking at l23, which is proving that the environment itself was air gapped, which, if I flip back to the notes, the method that we did, that was, we showed the host in the bastion with the mermaid diagram and then did a check to note. And then we also noted we were using a host file and that's why we had a web address, so I mean my personal comment on this is I.
C
E
C
E
C
C
B
Well, when we are demoing it that we cannot the car images, we cannot ping, we cannot reach 422. I can do super because, like that, but if we want to exhaustively list like we cannot do edit connection on any part, we need a tool that will do a full scan, and this is also a tool that the customer would agree with, which is definitely a more complex setup to me, right.
E
Think we just, I think it'd be good to be consistent across the demos and decide what the wording of D is gonna be, which we don't have to do here, and then have it consistent across the demos would be nice, but I think in this case we have shown the ones that, I mean you've tried out on twenty to forty four three and eighty would be the ones that I would really want to see are being blocked on the hosts are the key ones.
E
E
C
C
C
B
C
So 24l is, this is show the setup and config. So we did the bonus of turn on license compliance, ensure that it failed with the default configuration setting. We followed, in this case it was not user documentation, it was, you know, copy-paste from file, because we don't have public user documentation first, so you can ding us for that one if you want, and then after pasting that in we were able to run a pipeline successfully, so that was that step. So how do you feel about that way? I would.
E
B
E
F
C
So I don't think this one impacts our score. I think this one is a follow-on for Kevin to confirm if the customer is concerned about that one. So do you have that one as a takeaway to find out how they're like to work with Mo to be like, hey, here's how, you know, you can do the Maven with your certificate, is that the way you're currently doing it? I should probably add more words to this one. So you can, so yeah.
E
C
F
C
E
C
C
E
B
E
Honestly, I'm fine with 25 being a 5 and 26 being okay, I just, it's kind of potato, potahto to me. I do agree that it did run and it did give us the results we expected. The only thing I'm gonna check on it is the looking listed versus self-hosted and if they anticipate there's a significant difference there that we want to do any testing with a self-hosted one. Okay.
C
B
E
F
F
E
Yeah sure, the only other question I had was for this section, is just, it is more a question for the engineers, because I just don't know, do we feel that this is doing this with the Maven.
E
E
C
D
D
F
C
So for MVC we are doing Maven and we're doing Python pip, or I should say we're doing Java Maven and Python pip as the two targets for MVC. So we should probably capture those both separately. Other items are in the post-MVC epic, as confirmed yesterday. We will get to them earlier if we can, but we must finish those two got.
F
It okay! So what I'm, when I work with you Nicole offline, to expand this a little bit into them? You can take it over from there.
H
D
To piggyback on your question, Thomas up my other concern about the environment: it's like I don't have a Python package registry mirror in this air gap environment. With the Maven example, I was able to use the GitLab-hosted Maven repository, but that's another, I guess, infrastructure-related concern.
C
So for the first one, my vote would be for the proof set up and prove air gap and then the show, if applicable, I think those should be universal because it's environment specific. So if the scores and those go, my vote would be that they go up across the board. But people can down vote that or whatever I.
F
Think, let's just show it, like, you don't have to dive in and show the whole thing, but this makes it show and revisit it, make sure we don't regress, and quality is working on the other, bigger environment and running full requests on it. So there's also the opportunity to catch it there and retest everything at the whole end-to-end flow. So, let's make it lean, lightweight for them, make sure we call back and say.