Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / Security Department / 18 Jun 2021
GitLab / Security Department / 18 Jun 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: 2021-06-18 GitLab Inventory Builder update

Description

Links:

- GitLab Inventory Builder: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib
- Example inventory: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/inventory-example
- OKR: https://gitlab.com/groups/gitlab-com/gl-security/-/epics/106
- Issue to share your ideas: https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/162
- Categories MR: https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/83315/

A

Hi I'm philippe fuclear from the security department. uh It is june 18, and this is my weekly update on the good lab inventory builder.

A

So this week there is one change that I wanted to share with you for this kind of configurations where um we don't want to synchronize all the projects and all the the groups under a particular group, for example. Here I just wanted to synchronize, customersgitlab.com and design.gitlab.com, because I wanted to add these urls to this inventory example project. By the way, this is um a project that you can check out.

A

If you want to see the inventory builder running in the real conditions, uh and so this kind of configuration was failing last week because the the inventory builder was trying to synchronize this customer's gitlab.com folder, because it was seen as a group and now we are checking if the parent group is actually ignored and in this case we're going to synchronize all the sub uh projects, one by one. So that's the price of using this kind of method.

A

uh When we don't have this ignore file all the subgroups, all the the projects are going to be synchronized in batch. By uh pages of 100., in this case, we need to go through these projects, one by one, so there could be a small performance hit. If you have a lot of standalone projects like this, and so instead of failing, we now have this kind of merge request being created. You can see that all the projects and subgroups under the five-minute production app, which was not here, actually it's part of the repo sorry um it's.

A

It was already there in the ripple, so it's uh synchronized as well, and we also synchronized the customer's gitlab.com project, so that this merch request is adding a project.json as well as the as for the design.github.com for project. We also have a project which isn't that was created and for the next update. Of course, it's going to run exactly the same way this uh these files are going to be updated for everything.

A

um So that's all I have for this week. That was already a big change, a reminder that you can check out the redmi that was correctly improved also this week. A very small edition that I wanted to also share with you today is the addition of um the coverage. Let me make my screen, maybe bigger.

A

We calculate after updating the the repo we calculate the coverage, so the number of projects that were categorized so basically the number of projects having a properties.gml file um again, this uh properties.tml5 is validated during the update, so it has to be a valid ml file with the categories that we're expecting.

A

Otherwise, it's going to fail, but if the validation step is passing, then we will have, after that, the update and then the coverage so that we can configure the projects to track this, and we will see that in logic, quest to see if we're lagging behind. So that's a great way if we update on a regular basis, for example, every week to see if new projects are being added, how it's going to impact the coverage of the world project. So that's why I wanted to have that.

A

That's it for the week, thanks for watching and, of course, like usual, feel free to reach out to me directly. If you have any questions dad have a great weekend, everyone.