►
From YouTube: Threat Insights Weekly Group Discussion
Description
Weekly meeting for the Secure:Threat Insights group.
Includes milestone kick-off for 13.12.
A
A
So
in
the
last
couple
of
milestones
we
have
experimented
with,
but
I
wouldn't
say
successfully
timed
a
retrospective
discussion
during
these
group
meetings,
so
we're
going
to
go
through
the
front
end
and
back
end
issues
that
are
currently
slated
for
1312
and
I
am
going
to
ask
individuals
from
those
teams
to
go
down
the
list
for
us.
There
is
a
link
in
the
agenda
to
take
you
to
a
board.
That's
pretty
easy
to
view
we're
going
to
look
at
the
ready
for
development
and
blocked
issues
and
summarize
to
to
your
best
degree.
A
B
A
A
B
Should
I
go
for
the
next
one?
Ignore
the
unnecessary
columns
from
the
security
findings
table
seems
like
an
easy
one
like
and
perform
audit
identity
and
address
underperforming.
Sql
queries,
some
sql
queries,
that's
needs
some
attention,
I
don't
know,
is
the
it's
refined
right.
So
maybe
we
had
all
the
sql
queries.
We
just
need
to
audit
them.
B
D
D
C
D
C
C
E
A
C
C
F
C
Okay,
and
and
along
those
same
lines,
I
think
I
mentioned
before,
is
like
we're:
gonna
have
to
figure
out
like
because
a
finding
has
to
have
a
pipeline,
and
so
we're
gonna
have
to
figure
out
how
to
the
vulnerability
has
to
have
a
finding
a
binding
has
to
have
a
pipeline.
But
if
it's
manually
created,
it's
not
gonna
have
a
pipeline,
so
we're
gonna
have
to
deal
with
that.
A
little
idiosyncrasy.
C
C
B
A
B
B
D
B
B
B
A
B
C
These,
no
that
one
is
actually
that
one
it
was
block.
I
had
that
one
in
my
backlog
or
in
my
in
my
list
of
issues
for
a
while,
while
we
were
trying
to
get
some
other
issues
that
was
blocking
that
that
one
finally
came
unblocked,
but
I
was
also
in
the
middle
of
doing
some
other
things.
So
that's
why
it's
back
in
the
list.
B
B
C
B
D
B
Another
migration
creator-
okay,
we
can
check
later
include
additional
information
in
binary
report.
Export
date
detected
and
location.
Two
more
fields
seems
like
straightforward
and
enable
jira
for
vulnerabilities
feature
flag
activity
activity,
filter
on
vulnerability
report,
close
error
in
group
level,
dashboard.
C
C
A
A
A
It
was
the
use,
vulnerability,
external
issue,
link
creation
mutation
for
creating
issue
on
vulnerability,
details
page
the
really
catchy
titled
one
was
is
a
front-end
issue
that
was
created.
The
the
graphql
endpoint
already
exists
and
we're
just
not
using
it
yet
on
the
details
page,
and
so
it
looks
like
yannick
from
neil's
team
has
already
picked
it
up.
It
was
a
list
identified
of
work
that
if
they
had
bandwidth,
they
could
grab
and
work
on
in
the
next
couple
milestones.
So
I'm
correcting
that
right
now.
C
A
A
D
Is
it
this
one?
It's
yes,
exactly!
Okay,
so
here
are
the
front-end
issues.
Basically
they
we
just
been.
We
just
went
through
these
with
linsei,
so
I
know
that
they're
grouped
the
first
ones,
for
instance,
are
grouped
by
the
pipeline,
so
this
is
regarding
migrating.
The
pipeline
security
to
graphql,
so
this
use
graphql
enables
this
for
pipeline
security
tab
and
then
use
vulnerable
details
component
for
pipeline
security,
tab
vulnerabilities
model.
D
So
basically
this
one
is
just
using
the
vulnerability
details
page
inside
the
the
model
that
appears
in
the
pipeline,
and
there
is
yeah.
We
need
to
enable
the
feature
flag
here
on
top
and
then
we
have
use
onvolume
with
the
details.
Page
change
fetching
a
vulnerability
to
graphql
fetching
your
phone,
oh
yeah,
right
now.
This
is
this-
is
injected
to
dom.
We
need
to
change
that
to
graphql
and
then,
as
part
of
the
cleanup,
since
we
will
be
removing
the
so
we
will
be
migrating
to
graphql.
D
A
F
D
So
it's
regarding
that
one
and
then
we,
the
couple
of
we
have
a
few
issues
regarding
the
gener
generic
report
schema.
All
of
these
are
basically
creating
new
components.
So,
for
instance,
this
one
is
creating
a
table
component
for
the
generic
report
schema.
This
one
is
creating
the
value
type
so
which
which
will
display
a
string
in
integer
or
boolean,
and
then
we
have
the
markdown.
A
D
A
D
A
A
C
A
A
A
If
you
put
a
blocker
on
the
issue
like
say,
this
is
blocked
by
issue
one
two,
three
at
least
the
person
will
see
that,
but
they
have
to
click
into
it
and
probably
grab
it
before
they
see
that
they
might
miss
it.
So
I
I
kind
of
want
to
say
both.
It
feels
a
little
redundant
and
like
extra
work.
But
what
do
you
guys
think.
C
A
That
issue
is
closed.
It
still
shows
that
little
circle,
so
you
say
I'm
blocked
on
issue
one
two:
three:
it's
gonna
immediately
show
that
you
know
indicator
on
the
issue
board,
but
then,
when
issue
one
two
three
gets
closed.
That
indicator
still
shows
there.
There's
no
visual
indicator
that
that
blocking
issue
is
now
resolved
either.
So
it
would
be
a
nice
product
enhancement.
A
C
A
That
it
wouldn't
be
clear
to
the
person
that
was
looking
at
it.
So
that's
a
good
question
and
I
don't
know
if
we
should
make
that
part
of
our
process
or
just
assume
that,
once
if
we
did
both
once
it's
blocked
right,
if
we
both
put
the
workflow
state
on
and
the
blocker,
we
would
eventually
just
start
to
ignore
that
visual
indicator
of
something
being
blocked
once
it's
in
the
ready
for
dev
column,
because
you
wouldn't
move
it
back
to
ready
for
dev
until
the
blocked
issue
was
resolved.
The
manual.
B
C
A
C
I've
tried
to
move
them
from
block
to
link
just
so
it
gets
rid
of
that
blocked
like
so
that
there's
it
doesn't
show
it's
blocked
by
something,
because
it's
no
longer
blocked.
You
know
and
it'd
be
nice
if
it
automatically
went
and
the
workflow
as
well
as
soon
as
that
issue's
closed,
then
it
you
know,
moves
out
of
the
block
by
column
or
the
little
icon
removes.
A
D
Yeah
so
since
we
still
have
a
couple
of
minutes,
I
think
I
can
share
my
screen
and
then
describe
the
problem
that
I
was
going
through
today.
So
basically,
I'm
working
on
this,
not
this
one,
but
this
one,
this
one.
So
I'm
implementing.
Okay,
I'm
just
gonna-
hold
on
move
this
zoom
bar
somewhere
else.
So
I
can
see
so
I'm
just
adding
the
the
dismissal
reason
to
the
vulnerability
details
page
I
did
that
it
works
and,
as
you
can
see
here,
the
vulnerability
object
receives
the
dismissal
feedback.
D
It
took
me
a
while
to
figure
out
the
backend
data
structure,
but
I
thanks
to
john,
I
was
able
to
figure
out
that
the
dismissive
reason
is
inside
the
dismissal
feedback
object
and
it
just
shows
pops
here,
but
the
problem
is
with
with
graphql.
So
when,
when
I
change
this
the
status
and
then
I
change
it
back
to
dismissive
reason,
we're
here
we're
using
graphql
to
fetch
the
new
version,
and
I
was
not
able
to
populate
that
field
using
graphql.
D
So
this
is
one
part
where
I
need
help
with
the
backend
and
the
second
one
is
when
I
dismiss
it.
The
dismissal
reason
doesn't
seem
to
populate
it's
always
nil.
I
had
to
go
to
the
database
and
then
manually
change
the
field
in
order
to
get
this
false
positive
here.
So
this
is,
I
think
this
could
be
a
bug,
or
maybe
I
don't
know
how
to
populate
that
using
the
ui.