From YouTube: 2021-06-18 GitLab Inventory Builder update
Description
Links:
- GitLab Inventory Builder: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib
- Example inventory: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/inventory-example
- OKR: https://gitlab.com/groups/gitlab-com/gl-security/-/epics/106
- Issue to share your ideas: https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/162
- Categories MR: https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/83315/
A
Hi, I'm Philippe Lafoucrière from the security department. It is June 18, and this is my weekly update on the GitLab Inventory Builder.
A
So this week there is one change that I wanted to share with you, for this kind of configuration where we don't want to synchronize all the projects and all the groups under a particular group. For example, here I just wanted to synchronize customers.gitlab.com and design.gitlab.com, because I wanted to add these URLs to this inventory example project. By the way, this is a project that you can check out if you want to see the inventory builder running in real conditions. And so this kind of configuration was failing last week because the inventory builder was trying to synchronize this customers.gitlab.com folder, because it was seen as a group. And now we are checking if the parent group is actually ignored, and in this case we're going to synchronize all the subprojects, one by one. So that's the price of using this kind of method.
A
When we don't have this ignore file, all the subgroups, all the projects are going to be synchronized in batch, by pages of 100. In this case, we need to go through these projects one by one, so there could be a small performance hit if you have a lot of standalone projects like this. And so instead of failing, we now have this kind of merge request being created. You can see that all the projects and subgroups under the five-minute production app, which was not here, actually it's part of the repo, sorry, it's...
A
It was already there in the repo, so it's synchronized as well, and we also synchronized the customers.gitlab.com project, so that this merge request is adding a project.json, as well as for the design.gitlab.com project. We also have a project.json that was created. And for the next update, of course, it's going to run exactly the same way: these files are going to be updated for everything.
A
After updating the repo, we calculate the coverage, so the number of projects that were categorized, so basically the number of projects having a properties.yml file. Again, this properties.yml is validated during the update, so it has to be a valid YAML file with the categories that we're expecting.
A
Otherwise, it's going to fail, but if the validation step is passing, then we will have, after that, the update and then the coverage, so that we can configure the projects to track this, and we will see that in logic, quest to see if we're lagging behind. So that's a great way, if we update on a regular basis, for example every week, to see, if new projects are being added, how it's going to impact the coverage of the whole project. So that's why I wanted to have that.