►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
All
right
well
welcome.
Everyone
looks
like
wayne,
has
the
first
item
and
he's
not
on
the
call,
so
I'll
just
go
ahead
and
read
it.
He
says:
fyi
thomas
is
working
on
dog
fooding
security
approvals
on
get
lab
projects
by
the
end
of
the
quarter,
starting
with
secret
detection
due
to
the
low
false
positive
rate.
A
The
security
team
will
get
an
fyi
if
an
override
is
done
per
the
recommendation
from
lawrence,
and
this
actually
is
kind
of
on
the
same
point
that
I
brought
up
last
meeting,
although
we
didn't
have
nearly
the
same
attendance
here,
but
we
have
made
a
lot
of
changes
and
I
think
we've
addressed
all
the
feedback
that
we
received
previously
from
the
security
department
on
this.
So
it
would
be
fantastic
if
we
could
start
dog
feeding
this
more
across
get
lab
and
collect
feedback
on
what
we
now
have.
A
A
A
A
So
you
can
edit
this
yaml
directly
if
you're
philippe
and
you
like
yaml
or
if
you
prefer
a
better
ui
experience,
you
can
also
come
in
and
create
a
new
policy
choose
scan
result
policy.
We
also
have
a
scan
execution
policy.
Network
policies
are
going
away
in
15.0,
but
as
part
of
this,
you
can
walk
through
this
ui
and
you'll
see
it
just
live
updates
the
yaml
as
you
modify
things
so
you
know,
require
approval
for
all
criticals
and
highs,
and
you
can
pick
all
scanners.
A
You
can
pick
specific
scanners
in
the
case
where
you
know
some
of
these
might
have
more
false
positives
than
others.
You
might
want
to
only
look
at
secret
detection
and
we
now
have
super
granular
rules.
You
can
pick
exactly
how
many
vulnerabilities
you're
interested
in
and
what
types
whether
they're
newly
detected
or,
if
you
wanted
to
you,
know,
crack
down
on
things
that
are
already
in
the
default
branch.
You
could
do
that
as
well,
but
the
really
nice
thing
is
that
you
can
chain
these
rules
together,
so
you're
not
fixed
to
just
one.
A
You
could
say
you
know
I'm
interested
in
secret
detection,
where
there's
any
criticals
at
all,
but
then,
as
far
as
highs
they're,
just
introducing
one
high
vulnerability,
that's
okay,
but
I
want
to
flag
if
they're,
introducing
four
or
more
that
are
newly
detected
and
again
you
can
kind
of
mix
and
match
these
rules
for
the
different
scanners
and
define
who's
going
to
be
eligible
to
approve
that
the
way
this
works,
because
it's
a
linked
project
you
it
does
support
one-to-many
linking
so
you
can
have
one
security
policy
project,
that's
linked
out
to
multiple
development
projects
for
ease
of
managing
the
policies,
we're
also
working
on
group
level,
policies
that
will
come
in
the
future,
probably
the
not
too
distant
future.
A
But
for
now
these
are
linked
up
at
the
project
basis.
But
again
you
can
have.
They
can
even
be
across
groups
right.
So
you
can
have
a
security
policy
project
in
one
group
linked
to
a
development
project
in
a
totally
different
group,
and
you
can
link
it
up
to
as
many
different
development
projects
as
you
would
like.
A
The
idea
is
that
it
provides
full
separation
of
duties,
so
the
security
team
can
manage
these
policies.
You
would
give
the
security
team
permissions
to
manage
the
policies
and
that
security
approval
project,
and
then
you
also
have
full
audit
logging
anytime.
The
policies
are
changed
and
you
can
have
your
own
approval
process
for
policy
changes
inside
of
the
security
team.
So
if
you
wanted
to
say
you
know,
philippe's
got
too
much
power
in
this
organization.
We
don't
want
him
to
approve
these
by
himself.
A
B
Very
cool:
I'm
excited
to
see
this
having
more
than
the
more
advanced
policies
you
can
create
on
there
did
did,
I
guess,
is
it
already
in
the
product
now
or
when
yeah?
So
it's
already
there
yep,
it
was
released.
A
C
A
Like
I
said,
the
group
level
is
still
being
worked
on
okay
available
yet,
but
you
can
you
have
to
be
a
project
owner
and
that's
by
design,
because
we
don't
want
just
anyone
to
be
able
to
remove
these
okay,
but
if
you're
a
project
owner
you
just
come
up
here
and
you
find
your
project,
you
can
unlink
it
if
you
want,
but
this
will
let
you
search
any
project
that
you
have
access
to,
not
just
in
the
same
group.
A
Okay.
That
was
my
next
question.
Thank
you.
You
can
get
up
via
the
api
as
well
like
if
you've
got
thousands
of
projects,
it
makes
a
little
bit
more
convenient
that
way,
but
yeah
again
we're
working
on
this
for
the
group
level
is
in
progress.
A
D
Yeah
I
mean
I,
I
was
just
confirming
that
15.0
is
coming
out
next
month
and
that's
when
the
report
schemas
will,
if
they're
invalid,
you
know
they'll
be
enforced
as
opposed
to
just
warned
on
right
now.
My
the
full
context
for
this
is
package
underneath
to
be
updated.
So
I'm
just
you
know
valid
verifying
how
much
time
we
have
to
get
it
out.
Matt
answered
most
of
the
stuff.
I
just
the
one
question
I
have
is:
when
do
we
know
when
it'll
hit
gitlab.com.
D
A
E
C
D
C
E
F
I
think
that
was
for
me
so
a
couple
of
points
of
clarification
on
this,
so
while
they
are
formally
deprecated,
we
are
being
conservative
in
actually
turning
on
enforcement,
so
we
reserve
the
right
to
start
rejecting
all
of
those
in
15.0.
We
don't
necessarily
have
to
start
doing
that.
Okay,
we
are
being
very
sensitive
because
we
have
a
number
of
integration
partners
that
they've
been
communicated
with
a
while
back,
but
in
the
event
that
there
is,
let's
say
one
or
two
of
them
that
are
not
able
to
get
their
reports
in
compliance.
F
We
don't
want
to
just
break
everything.
I
do
wonder
too,
if
there's
a
a
better
way
to
communicate
this,
since
you
know
we
did.
It
was
several
months
ago
that
we
sent
out
the
deprecation
notices
in
the
normal
place,
but
we've
also
create
we
are
creating
an
email
distribution
list
that
anybody
can
sign
up
to.
That
will
be
specific
to
security
integrations
like
this
and
both
partners,
as
well
as
the
wider
community.
F
That
may
be
something
that
would
be
helpful
because,
admittedly,
package
hunter
is
not
something
we
were
aware
of,
and
I
can
see
how
that
would
have
fallen
through
the
cracks
for
us,
because
it's
not
it's
not
really
our
product
in
terms
of
it's,
not
an
analyzer,
and
it's
not
a
partner
that
we
would
normally
communicate
with.
So
certainly
don't
want
to
want
to
break
all
the
things
that
make
you
guys
rush
but
like
to
avoid
that
kind
of
stuff
in
the
future,
as
we
continue
to
build
more
of
our
own
tooling.
D
Yeah
I
mean
I
I'm
I
we
had
awareness
prior
to
this
week.
It
just
like
you
know
there
was
there
was
a
little
bit
of
prioritization
and
stuff
on
our
part.
That's
why
I
just
wanted
to
confirm
that
it's
upcoming,
so
I
I
mean,
I
think
the
you
know
the
warning
in
the
ui
that
worked
for
us
it
just
you
know
we
didn't
you
know,
so
it
wasn't
like
it
came
out
of.
F
F
If
we're
not
going
to
make
the
the
timeline
on
that
and
we
can
hold
off
on
the
hard
enforcement.
E
All
right,
so
I
just
wanted
to
call
out
that
for
the
api
security
category,
we
are
working
on
our
complete
maturity
and
part
of
that
is
defined
as
being
dog
fooded
within
git
lab.
E
But
there's
been
a
blocker
that
we
don't
have
any
type
of
open
api,
spec
or
other
schema
that
we
can
use
to
define
the
test
for
api
security,
whether
it's
api
or
api
fuzzing.
So
we're
going
to
start
working
on
an
api
discovery
feature
within
api
security
and
there's
a
few
things
that
we're
looking
at.
E
You
know
to
start
off
with,
like
just
using
finding
graphql
schema
or
something
like
that,
but
I
wanted
to
know
who
I
would
need
to
work
with
in
order
to
make
sure
that
we
get
the
get
lab
use
cases
covered
and
that
we
can,
you
know,
provide
this
usage
here
and
answer
that
issue.
Not
just
answer
for
our
customers,
but
also
make
sure
that
gitlab
is
is
included
in
that
yeah.
B
D
B
E
Okay
cool,
then
I
will
reach
out
to
you
once
we
start
working
in
earnest
on
this
we're
finishing
up
a
couple
of
other
things
before
we
switch
over,
but
we
should
start
it
in.
The
next
couple
of
milestones
sounds
good.
G
Hey
so
real
quick,
I
just
noticed
that
there's
nothing
next
on
the
agenda.
First,
I
wanted
to
say
hi
to
matin
and
anyone
else
who
doesn't
hasn't
had
a
coffee
chat
with
me
may
not
know
my
role
within
the
security
group,
so
I'm
here
to
help
bridge
the
gap
between
security
and
all
of
our
external
partners
that
we
do
work
with.
G
So
I
will
be
picking
up
on
different
projects,
making
sure
that
we
reduce
friction
wherever
possible.
Make
things
a
little
bit
easier,
also,
look
for
opportunities
to
get
ahead
of
anything
where
we
in
security
are
doing
the
same
thing
that
you
and
product
are
doing,
and
we
don't
know
it
and
then
I'll
be
running
a
few
larger,
more
cross-cutting
initiatives
that'll
be
going
on,
but
good
to
meet
you
guys
and
and
I'll
be
coming
to
this.
This
regularly,
I
did.
G
I
did
wonder
if
everyone
had
an
opportunity
to
update
the
section
at
the
top
of
the
the
notes.
I
know
that
there's
a
lot
of
information
up
there
on
on
pain,
points
and
links
to
dog
fooding
status.
Things
like
that.
I
wasn't
sure
if
that's
something
that
you
guys
regularly
keep
refreshed
or
if
that's
something
I
need
to
ask
about
when
we
do
these
sessions.
G
Well,
my
name
wasn't
on
there.
So
no
at
least
for
me
but
pain
points
I'd
be
interested
in
if
those
are
up.
E
Yeah,
I
don't
typically
go
through
those
up
there
and
keep
them
updated.
I
was,
I
was
under
the
impression
that
that
was
more
for,
like
the
security
team
to
to
let
us
know
of
any
issues
that
they're
having.
So
I
wasn't,
you
know
going
through
it
myself
and
updating
since
I
don't
necessarily
know
what
the
pain
points
are
or
anything
like
that
so
yeah
I
was.
I
was
leaving
that
alone
and
just
answering
issues
as
they
came
up.
A
A
You
know,
like
I
said,
one
of
those
feedback
items
was
the
approval
rules
that
are
rigid
and
I
think
we've
solved
that.
But
you
know
I
don't
want
to
like
delete
it
entirely
until
I
have
confirmation
from
the
security
team
that
the
new
solution
meets
their
needs.
G
Yeah,
I
love
that
approach
that
works
for
me
and
I
do
think
if
it
is
used
for
that
purpose,
then
I'll
make
sure
that
the
security
folks
have
have
been
keeping
that
fresh
as
long
as
you
guys
can
make
sure
to
check
in
on
it
to
see
if
there's
anything
new
added
there,
but
we'll
try
to
I'll
try
to
make
sure
that
those
anything
new
gets
brought
in
and
I'll
help
close
the
loop
on
those
things
say:
I'm
like
you
bring
it
up.
G
Yeah,
if
you
want
to
like
mention
in
the
doc,
if
something
gets
added,
that's
really
helpful,
but
also
feel
free
to
talk
any
other
way.
Issues
like
whatever
I
like
that
connor
thanks
good
one.