►
From YouTube: 2021-07-11 GitLab Inventory Builder update
Description
Links:
- GitLab Inventory Builder: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib
- Example inventory: https://gitlab.com/gitlab-com/gl-security/engineering-and-research/inventory-example
- OKR: https://gitlab.com/groups/gitlab-com/gl-security/-/epics/106
- Issue to share your ideas: https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/162
- Categories MR: https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/83315/
A
Hi
this
is
philipp
lafleya
from
the
security
department.
Today,
I'm
going
to
share
my
update
on
the
gitlab
inventory
builder.
It
is
july
11th,
so
this
week
I
wanted
to
share
this
update
with
you.
I
just
merged
this
emergency
quest
generation
of
local
db
from
that
idea.
This
is
something
that
I
started
two
weeks
ago
that
just
finished
that,
because
that's
a
rather
big
merge
request
in
order
to
generate
the
data
correctly.
So
I
can
share
an
example
of
how
it
looks
now.
A
I've
been
running
this
new
version
on
my
local
test,
repo
and,
as
expected,
it
generated
all
the
touches
and
five,
such
as
advice
for
the
projects
and
the
groups.
A
So,
instead
of
that,
I
still
create
the
files,
if
you
really
want
to
keep
them,
there's
an
option
in
the
the
template
to
keep
the
files
and
to
commit
them,
but
instead
all
the
data
is
available
in
the
inventory
db
that
we
have
here.
So
the
difference
with
the
version
from
last
week
is
now
the
db
is
entered
by
git
lfs.
A
A
So
that's
the
update,
and
if
we
want
to
take
a
quick
look
at
the
db,
we
can
see
that
I
also
improved
the
schema
of
the
db,
because
now
we
have
some
foreign
keys.
A
A
Actually,
I'm
going
to
start
generating
reports,
and
I
will
also
start
working
on
creating
policies
and
enforcing
these
policies
with
oppa,
as
well
as
declaring
some
manual
dependencies
like,
for
example,
the
versions
of
go
that
we're
using,
so
that
we
can
query
this
tv
very
quickly
to
spot
a
very
particular
version
of
code
that
we
might
use
somewhere
in
our
projects.