►
From YouTube: Secure Group Conversation
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
A
And
that's
all
because,
since
the
most
of
our
futures
are
in
the
ultimate
here,
we
are
not
getting
a
lot
of
contribution
for
the
community
from
the
community,
and
so
it's
awesome
to
have
some
contribution
from
gillip
people
because
they
obviously
don't
have
the
problem.
With
the
license
of
the
code
day.
They
are
changing.
B
In
the
next
backward,
conversation
will
be
left
the
same
out
to
Thiago
from
the
support
team
because
he
is
working
on
the
support
of
some
maven
options,
for
SAS
is
helping
us
right
now.
It's
we
are
in
the
middle
of
the
iteration,
so
that's
to
be
may
be
too
soon
to
say
victory,
but
we
will
celebrate
that
in
the
next
occurrence.
I
was
expecting
a
lot
of
questions.
You
probably
have
too.
D
Many
slides
for
that
just
leave
an
awkward
silence.
Filippo
fill
it
in
thanks
for
the
slices,
slides,
are
great
and
I
think
a
lot
of
people
are
going
through
them
regarding
secret
detection.
What
are
we
thinking
of
using
there
I
think,
there's,
there's
a
there's.
A
technology
called
from
fauxhawk
I
think,
but
there's
also
something
made
by
Intel.
If
I
remember
correctly,
is
that
what
are
the
options
and
what
are
we
considering.
B
D
He
can't
is
that
the
customer
side
I'll
speak
for
him.
Secure,
is
becoming
a
key
competitive
advantage
first
against
Azure
DevOps
in
accounts.
By
definition,
those
accounts
will
be
used
in
c-sharp
and
net.
How
do
we
make
sure
our
support
for
these
languages
/,
the
Microsoft
stack,
is
better
than
our
competitors
in
the
scanning
landscape.
A
So
we
already
have
some
support
for
dotnet
framework
specifically
does
net
core
for
security
features,
so
that's
a
very
first
step
to
jump
in
and
in
the
Microsoft
world.
This
is
possible
because
dotnet
core
is
available
as
docker
images
that
are
Linux
based
and
formally
to
fully
support
the
dotnet
framework.
We
need
a
Windows
environment,
so
we
have
two
different
paths
we
are
following
here.
E
F
D
I
do
want
to
follow
up.
I
left
a
link
in
the
chat,
so
we
should
for
secrets
scanning.
We
seem
to
be
using
all
of
the
technologies
like
that.
It
seems
to
be
using
three
different
technologies
very
exciting,
very
exciting
that
were
pointing
to
a
merger
question
on
an
issue.
Is
that
the
case,
and
why
do
we
need
multiple
ones?.
B
We
did
multiple
ones,
because
the
tools
that
we
have
identified
are
a
bit
complementary.
Some
of
them
come
just
spot
some
tokens,
some
of
them
come
spot.
It's
a
search,
keys,
some
of
them.
You
know
it's.
We
are
getting
a
better
tool
just
by
aggregating
the
results
of
the
underlying
tools.
We
want
the
security
products
to
be
a
turnkey
solution,
something
really
easy
to
use
without
a
lot
of
configuration.
So
if
three
analyzers
are
providing
a
better
result
than
just
one
or
the
three
supported,
then
it's
a
win
for
us
and
that's
why.
E
G
G
A
F
Okay,
so
on
slide
five
Auto
remediation,
we've
already
done
the
first
step
and
it
sounds
like
you're
completing
the
MVC
eleven
nine
in
March,
which
is
awesome,
I'm
curious
how
usable
the
MVC
will
be,
or
maybe
more
pointedly.
When
will
of
this,
be
an
awesome
feature,
because
you
know
the
spirit
behind
auto
remediation
is
amazing,
and
will
that
be
at
the
MVC
or
is
that
some
future
release
before
it
will
really
fulfill?
We
yeah.
A
Thank
you.
Thank
you,
Mike,
that's
a
very
good
question.
So,
first
of
all,
let's
say
that
the
embassy
will
be
really
usable
by
people
unforunately.
Let's
see,
the
only
supported
language
and
framework
will
be
yarn.
So
if
you're
using
yarn
ax,
you
can
absolutely
use
it
and
we
will
solve
all
your
problems
if
you're
not
using
it,
it
will
be
absolutely
useless.
That
was
just
because
that
was
the
very
first
step.
A
We
want
to
close
the
loop
up
to
the
merge
request,
so
with
the
MVC
you
will
be
able
to
automatically
create
the
module
quest
and
run
the
pipeline
and
check
results.
So
this
is
something
that
will
not
ask
you
to
move
away
from
the
gulab
UI.
That
was
my
approach
to
it.
So
you
can
do
everything
from
within
the
github
web
interface.
Then
we
have
two
different
paths.
We
have
to
improve
the
feature.
The
first
one
is
adding
more
languages
and
more
frameworks.
A
Obviously,
because
we
know
that
not
everyone
is
using
yarn,
so
people
may
feel
frustrated.
They
are
just
you
know
they
want
to
use
the,
but
they
cannot
because
they
cannot
switch
the
language
because
about
the
remediation.
Obviously,
on
the
other
side,
we
want
to
continue
beyond
the
embassy
and
to
provide
automatic
deployment.
That
is
almost
you
know
already
possible
if
you
set
up
continuous
deployment
with
CIC,
so
is
not
really
something
we
need
to
implement.
It's
just
a
matter
of
the
process,
documentation
and
the
flow.
A
And
then
then,
the
very
important
thing
that
we
need
to
work
on
is
with
monitoring
team,
about
the
monitoring
of
the
production
environment
and
the
rollback
in
case
of
problems.
So
all
these
steps
are
built
on
top
of
existing,
get
up
features
or
Gila
proposals,
so
there
will
be
a
very
strict
interaction
with
other
teams.
Monitoring
and
release,
mainly,
but
I
feel
that
you
know
to
give
people
the
value
of
our
mediation.
The
embassy
is
just
okay,
I
show
you
your
your
your
branch
with
zero
errors.
A
After
you
add
some,
so
this
will
give
us
some
feedback
and
that's
why
we
are
planning
to
have
a
beta
testing
user
research.
We
still
have
to
figure
out,
which
is
the
the
correct
approach
to
it,
to
get
some
feedback
from
customers
for
the
MDC.
So
we
are
able
to
understand
if
we
are
going
in
the
right
direction,
because
everybody
is
happy
and
very
very
excited
about
the
entire
flow.
But
we
don't
have
anyone
using
it.
So
without
an
NBC,
it's
impossible
to
get
real
feedback
from
Council.
Of
course,
of
course,
so.
F
Just
to
clarify,
though,
in
terms
of
by
eleven
nine,
it
sounds
like
you
still
have
to
click
in
the
UI
to
create
the
merge
request
and
then
the
merge
question
will
run
and
potentially
auto,
deploy
everything
else,
but
they're
still
a
manual
action.
So
it's
not
still
true
under
mediate,
which
the
vision
was
that
you
know
somebody
there's
a
yarn
module
or
an
NPM
module
that
that
bumps
up
a
version
and
within
an
hour
like
20
apps,
are
automatically
upgraded
because
it's
truly
automatic.
That's
not
coming.
A
Exhaling
that
will
not
be
part
of
the
embassy
that
doesn't
issue
called
fully
automated
outer
immigration.
Something
like
that
that
you
can
find
in
not
the
embassy,
but
in
division,
epica
right
that
will
address
a
full-coverage
because
mainly
it
cannot
be
done
related
to,
and
you
know
to
to
to
the
flow
that
we
have
at
the
moment
that
we
are
still
having
people
concerned
about.
A
They
want
to
review
the
changes
before
committing,
and
this
kind
of
thing
so
with
we
decided
that
if
the
embassy
should
allow
people
to
dive
in
and
to
you
know,
get
confidence
that
remediation
is
fine
and
that's
also
why
they
will
still
be
able
to
download
the
patch,
even
if
they
are
able
to
download,
to
talk
to
much
Kelly
create
the
merge
request.
People
are,
you
know,
excited
about
that,
but
still
a
little
skeptical.
A
We
can
fix
problems
so
easily.
We
want
to
allow
them
to
have
all
the
steps
available,
so
they
can
dive
in.
They
can
check
what
happens
and
at
the
end,
obviously,
eventually
it
will
be
automatically
done.
It
will
not
be
related
to
a
pipeline
anymore,
but
it
will
be
also
a
sort
of
background
process
that
we
run,
even
if
you
are
not
doing
any
code
change
to
your
repository,
because
maybe
a
new
vulnerability
will
be
out.
Even
if
you
don't
change
your
code,
then
so
your
code
will
be
the
tech
that
is
vulnerable.
A
Even
if
you
don't
commit
any
change.
You
don't
want
your
your
project
to
be
forgotten
just
because
you
are
not
pushing
changes
every
day,
so
it
will
have
some
challenges
because
we
don't
have
this
or
synchronous
background
the
way
of
doing
pipelines,
but
we
want
still
leverage,
see
ICD
pipelines
or
runners
at
least
to
to
achieve
this
goal.
So.
F
A
Xle-
and
that
is
intentional-
because
it's
very
hard
to
understand
that
mainly
because
we
will
move
on
different
areas
that
are
release
and
monitoring
that
we
don't
fully
own
at
the
moment.
So
we
don't
have
all
the
information
that
we
need
there
and
also
I
feel
that
we
need
to
prioritize
some
additional
language
before
we
can
go
on
the
full
path
on
the
full-out
remediation,
because
I
still
feel
that
even
if
Jana
is
quite
common
nowadays,
if
we
go
with
the
full
path,
but
they
are
not
adding
new
languages,
people
will
be
frustrated
about
that.
A
So
we
don't
want
people
to
just
say.
Oh
yes,
out
remediation,
we
heard
about
the
story,
but
it's
not
useable
to
us.
We
will
not
keep
up
to
date
with
it.
We
just
want
to
raise
knowledge
in
people
that
we
want
to
implement
their
languages,
their
package
managers
as
soon
as
possible.
So
this
will
probably
be
the
first
step,
even
if
I'd
like
to
continue
with
small
iterations
in
both
directions.
At
the
same
time,.
H
A
Consider
that
at
the
moment,
we
are
relying
on
yarn
itself
to
provide
the
DEF
file
the
past
file.
So
we
need
yarn
for
the
fact
that
we
are
leveraged
this
tool
to
provide
the
solution.
It
is
for
dependency
scanning
I
forgot
to
mention
at
the
beginning,
so
for
dependency,
scan
ik,
we're
not
talking
about
languages
mainly,
but
we
are
talking
about
packet
managers
and
repositories,
package
repositories,
so
I
expect
it
to
be
possible
for
all
the
package
managers
that
provide
this
kind
of
solution.
A
Automated
solutions,
maybe
bumping
the
version
of
the
dependency
to
the
closest
one
that
fixes
the
problem.
We
always
obviously
want
to
support
a
lot
of
different
languages,
so
we'll
build
our
own
solvers,
our
own
solution
providers,
when
not
available
but
ciela.
If
we
move
with
things
that
are
already
there
in
the
open
source
in
existing
tools,
it
will
be
faster
and
we
can
support
more
in
the
short
term.
A
H
A
A
They
mainly
want
something
there
is
and
in
the
middle
of
all
the
requests
their
developers
are
doing,
so
they
can
create
a
sort
of
approved
list
of
dependencies
that
developers
can
pull
from
the
front
from
the
package
management
system,
and
this
is
a
good
point
where
secure
and
package
will
collaborate,
because
you
will
be
able
to
serve
up
a
policy
like
okay.
If
this
package
has
not
been
reviewed
for
security
flows,
developers
will
not
be
able
to
pool
at
all.
I
know
that
this
crisis
is
strong,
but
that's
a
requirement.
A
We
heard
a
lot
in
people
and
also,
if
you're,
using
a
dependency
from
this
proxy.
Let's
call
it
like
that.
You
will
be
able
to
check
the
security
status
because
we
have
dependency
scanning
results
that
will
be
available
there.
It
is
very
similar
to
what
we
want
to
do
for
container
scanning
so
for
container
scanning.
You
can
consider
a
container
like
you
know,
sort
of
dependency,
a
sort
of
package,
just
a
different
binary
format,
but
it's
still
something
you
can
consume
as
a
source
to
build
your
application
or
is
something
that
you
can.
B
They
are
evaluating
it
level,
teammate
in
sneak
or
so
on,
the
side
and
I'm,
not
really
in
love
with
what
they
saw
on
snake,
because
the
remediation
process
is
a
bit
not
not
super
smart.
Let
that
that
way,
since
they
are
providing
almost
the
same
patches
as
we
do,
but
they
don't
say,
have
any
knowledge
about
the
project,
so
they
are
able
to
provide
the
patch
without
knowing
if
it's
going
to
break
anything
or
not.
B
So
it's
creating
a
lot
of
noise,
especially
in
the
SDLC,
because
this
new
patch
and
this
new
branch
is
going
to
be
part
of
the
wool
process
and
all
the
developers
of
the
project
would
be
notified,
failures,
success
and
all
the
the
real
magic
was
from
the
team
is
that
are
actually
completely
floated
by
these
dis
notes.
So
they
are
looking
really
forward
to
see
what
we're
going
to
provide
with
gitlab
and
they
have
some
great
expectations.
But
we
will
be
able
to
provide
something
different
because
we
managed
to
board
SDHC.
B
A
And
I
sorry
Phillip
just
closing
the
loop
on
notes,
remediation
and
container
scanning.
Obviously
we
don't
want
us
to
support
dependency
scanning
in
out
remediation,
but
we
are
targeting
all
sub
container
scanning,
because
if
a
container
is
vulnerable,
we
can
automatically
bump
it
or
update
it
to
a
safer
version,
so
ultra
mediation
will
impact
it
as
well.
We
ously
are
very
ambitious
who
want
impact
also
on
sass
and
death.
Even
in
those
cases,
that's
probably
a
lot
of
challenges
to
figure
out
how
to
fix
the
code
if
it's
self
related.
But
that's
our
plan.
B
A
Absolutely
obviously
I'm
very
happy
to
schedule.
Support
just
can
request
in
case
I,
don't
know
if
the
essays
coming
from
then
the
frustration
is
coming
from
customer
in
case
Li
always
remember
to
put
the
customer
label
on
the
issue
and
just
think
that
probably
support
requests,
but
not
customer
labelled
that's
very
important,
because
when
we
are
since
we
have
a
lot
of
issues
to
deal
with
when
we
are
prioritizing,
we
are
filter.
A
We
are
filtering
by
labels
and
I
use
the
customer
label
to
an
analyst
label
and
this
kind
of
labels
to
better
understand
what
can
be
useful
for
our
customers.
So
if
it
has
a
label,
it
is
easier
that
come
to
my
attention
and
I
will
be
able
to
schedule.
It
so
feel
free
to
push
your
comments
in
the
issue
and
level.
Accordingly,
if
you
feel
that
we
can
make
customers
happy
yeah.
G
Fabia,
thanks
for
the
reminder
that
we
should
put
the
customer
label
on
there.
I'll
make
sure
is
a
Salesforce
URL
for
that
specific
ultimate
customer
I
think
they're
just
looking
for
we
may
have
a
schedule,
a
call.
We
have
a
call
with
them
on
the
26th,
but
I'll
try
to
reach
out
to
you.
If
we
need
to
have
a
call
regarding
that
issue
further,
was
it
going
to
mention
that?
Is
there
any
timeline
that
we
is
it
going
to
be?
A
And
finally,
even
if
we
are
humans,
we
need
to
automate
a
lot
of
our
processes
in
order
to
be
to
be
able
to
schedule
things,
and
so
it
just
matter
otherwise
I
will
not
be
aware
of
that,
maybe
and
just
feel
free
and
you
and
everyone
else,
obviously
to
ping
me
directly
in
slack.
If
you
see
that
I'm
not
giving
priority
enough
to
things
that
you
feel
that
are
very
important
thing,
mainly
issue.
Absolutely
first
thing,
but
in
case
you
are
not
getting
answers.
F
Everyone's
I
definitely
have
a
question,
but
I
do
want
to
respect
the
time
so
I
want
to
time
block
this
one
really
quickly.
Then
security
dashboard.
Do
we
have
customers
using
it
today?
Do
we
have
feedback
to
people
like
the
things
that
we've
chosen
in
there
I
see
their
future
plans
include
and
container
scanning
gassed
and
where
else,
but
I
would
really
want
to
know
what
what
do
customers
need
on
that
page,
yeah.
A
We've
got
a
lot
of
you
know:
good
feelings
about
the
dashboard,
but
so
far
we
don't
have
a
strong
case
user,
kaiza
saying:
oh,
we
are
really
using
the
dashboard
and
mainly
from
direct
or
security
point
of
view
of
security
professional
part
of
you.
That
is
our
target
for
the
security
dashboard.
So
we
are
looking
for
this
I
asked
around
if
and
reiterating
in
this
call,
if
you
have
any
customer
that
is
willing
to
share
information
or
share
feedback
about
the
security,
that's
from
any
other
security
feature.
F
F
A
A
That's
the
goal
and
we're
working
with
Cathy
to
you
know,
move
their
requirements
into
the
security
dashboard
and
finally,
her
balls
and
her
graphs
are
very
complex.
So
it's
not
so
easy
to
build
a
memo,
but
that's
our
our
goal.
So
at
some
point
we
will
be
able
to
do
that
all
right
cool,
let's
wrap
it
up
all.