Hi this is philipp lafleya from the security department. Today, I'm going to share my update on the gitlab inventory builder. It is july 11th, so this week I wanted to share this update with you. I just merged this uh emergency quest uh generation of local db from that idea. This is something that I started two weeks ago that just finished that, because that's a rather big merge request in order to generate the data correctly. um So I can share an example of how it looks now.

I've been running this um new version on my local test, repo and, as expected, it generated all the touches and five, such as advice for the projects and the groups.

The difference here is, I don't store any more the dependencies, the json files and the vlabetes.com files as well, because they are very noisy and they create some huge commits every week.

So, instead of that, I still create the files, if you really want to keep them, there's an option in the the template to keep the files and to commit them, but instead uh all the data is available in the inventory db that we have here. So the difference with the version from last week is now the db is entered by git lfs.

So you won't see the div here. The template will take care of adding the the guitar tributes for qwfs automatically, if not present, and ignore the files automatically.

So that's the update, and if we want to take a quick look at the db, uh we can see that uh I also improved the schema of the db, because now we have some foreign keys.

um So we store categories dependencies. The data about the groups, the projects urls that we would define in properties.yammer and finalities as well. So from there we can directly query the db and do all the reports that we need to do, and so that's my next step.

Actually, I'm going to start generating reports, and I will also start working on creating policies and enforcing these policies with oppa, as well as uh declaring some manual dependencies like, for example, the versions of go that we're using, so that we can query this tv very quickly to spot a very particular version of code that we might use somewhere in our projects.

That's it for this week again, if you have any questions, feel free to reach out to me directly on slack and have a good rest of your week. Thanks.