►
From YouTube: License Compliance capability demo - MVC2 review
Description
We are creating a series of videos to show specific capabilities required in the customer use cases we are focusing on. This is a review of MVC2 for License Compliance capability of the DevSecOps use case, as we work towards establishing standards and the flow that we want all these demos to have.
A
A
It's
focused
covers
just
the
key
points
that
you
want
to
cover
and
it
doesn't
cleanly
so
so
awesome
second
Rev
awesome
job
so,
but
but
having
said
that,
I
did
also
take
a
bunch
of
notes
and
a
lot
of
these
things
are
knits,
but
also
just
as
we
like
to
continually
improve
I
think
you
could
get
this
video
out
there.
The
way
it
is
but
I
think
the
main
thing
that
that
I'll
mention
is
that
is
that
we're
still
working
on
that
transition
to
the
education
instruction,
video
verses
or
consulting
video
versus
the?
A
So
the
first
thing
is
getting
into
it:
I
like
that
you're
covering
the
the
value
and
what
we're
going
to
talk
about.
Why
so
urgent
care
I
mean
during
the
title
screen?
I
do
miss.
That's
really
just
talked
about
like
here.
Did
the
notion
of
having
your
face
and
there
some
people
can
see
you're
a
real
person
before
you
switch
to
the
screen
here.
A
A
See
you're
talking
about
the
lights
of
the
thing
to
say.
Imagine
but
like
this
would
make
you
open
source
your
code
that
wouldn't
be
fun
and
I
think
want
to
be
careful
there,
because
most
people
are
good
with
that
idea.
Right
and
it's
not.
We
don't
want
to
I,
don't
want
to
cast
open
sourcing.
Your
code
is
a
bad
thing,
because
it's
not
what
maybe,
instead
of
I,
think
something
like
to
accidentally
give
away
your
code
or
you
know,
be
forced
to
do
something.
That's
against
your
business
model
right,
okay,.
A
A
A
B
A
You
see
you're
you're
touring
us
you're,
showing
us
what's
there
as
opposed
to
saying
something
like
you
should
have
licensed
scanning
set
up
as
a
regular
part
of
your
pipeline,
so
that
you're
always
scanning
on
every
change,
and
you
can
show
it
at
that
point
right
and
then
it
kind
of
flows
makes
sense.
You're
saying
what.
A
A
A
B
A
So
good
that
you
put
the
reason
why
it's
a
good
way
to
do
it
that
way,
but
again
how
you
introduce
it
I,
have
it
set
up
to
run
with
other
security
scans
or
and
after
the
container,
rather
than
a
good
practice,
is
to
run
it
with
other
security
scans
right
after
your
container
or
right
after
you
build
the
container,
and
it
has
a
side
note.
This
is
now
actually.
If
we
think
about
that,
what
you're
saying
is
I
mean
that's
how
we
have
it.
A
But
if
you
think
about
that,
we
could
actually
run
it
at
the
same
time
right
because
it's
actually
independent
and
if
you
think
about
pipelining,
run
the
build,
do
the
scan,
because
it's
license
scanning
we're
scanning
the
code,
not
pull
up
the
running
the
running
thing.
I
know:
that's
not
how
our
pipeline
shows
it,
but
there's
no
reason
that
you
shouldn't
or
couldn't
run
them
at
the
same
time,
and
then
you
know,
but
so
I
only
pointed
out,
because
you
say
it's
best
practice
to
run
it
after
the
container
build
yeah.
B
That's
how
I
have
it
set
up
so
yeah,
so
so
do
what
I
do
we
want
to
change
that
a
little
bit
to
be
more
like
good,
because
yeah,
because
it
might
not
be
that
it
just
depends
on
your
environment
and
we
don't
want
to
tell
them
like
you
should
do
it
like
this?
It
just
depends
and
flipping
around
different
needs.
So
I,
don't
I'm,
not
too
sure
how
we
it's.
A
B
A
Earlier
step
is
to
run
it
at
the
same
time
as
you
do
the
build,
so
some
people
might
think.
Okay.
Well,
what's
the
point
of
scanning
my
code,
if,
if
it
turns
out
that
that
it
doesn't
even
build
right
now,
again,
I
I
think
all
a
lot
of
that
could
actually
run
in
parallel,
but
we
don't
tend
to
and
maybe
I'm
just
not
aware
of-
why
not,
but
if
I
think
about
logically
like
we're
license
scanning
the
code
itself
right,
we're
looking
at
all
the
dependencies
and
all
that
stuff,
the
built
happening
independently.
A
A
A
So
48
at
this
point
I
just
say
this
happens.
Another
time
to
it
see
more
pronounced,
but
have
the
box
come
up
a
little
bit
slower
because,
like
maybe
closer
to
when
you
mention
it,
otherwise
I
get
to
the
screen?
And
if
I
don't
see
it
come
up
that
fast
and
it
looks
just
like
it's
part
of
the
UI,
because
the
colors
could
be
you
know
similar
and
so
I
might
not
realize
what
you're
pointing
to
again.
That's
a
really
minor
thing.
A
At
the
point,
when
you
say
we
see
that
that
would
be
a
good
time
to
bring
it
up
to
like
draw
the
attention
to
it.
Okay
and
this
one's
not
as
bad
I
mean
that's
just
a
small
adjustment,
I
think
of
a
video,
but
this
one's
not
as
bad
the
other,
the
other
one
I
pointed
out
later.
It
actually
comes
up
almost
at
the
same
time,
so
so
and
I
know
that
it's
not
part
of
the
UI,
but
somebody
else
might
not
so.
A
A
B
A
Point
hi
I'm,
fern,
yeah
yeah,
it's
okay,
I'm,
just
I'm
trying
to
keep
us
from
going
all
right.
I
can
do
four,
so
I
can
do
five
right.
I
can
do
five,
so
I
can
do
six
right
and
then
before
you
know
what
we're
double
so
so
let
let's
do
our
best
to
stick
to
this,
where
you're
under
and
if
we're
20
seconds
over
it's
okay,
okay,.
A
A
A
A
A
Okay,
so
135
this
section
in
general
love,
it
came
out
really
nice.
Of
course,
I
still
have
comments,
but
but
in
general
just
like
having
that
it
was
just
the
right
amount
of
like
here's
like
a
quick
like
this
wasn't.
This
was
an
almond
Buddha
magic
that
you
can't
do
like
here.
Here's
it
is
right,
so
that
was
awesome.
A
A
Okay,
okay,
so
this
one,
this
one
could
be
a
zipper
bit
because
when
you
switch
to
this
I
was
gonna,
say:
I
started
to
putting
the
note
we
should
mention.
If
you
have
the
permissions
to
do
it,
you
can
add
licenses
or
change
licenses.
But
then
I
realized
wait
a
minute
we're
in
this
section
where
you're
doing
configuration
so-
and
you
already
said
this
is
probably
the
legal
team
or
the
leadership
team
or
summit
security
team.
A
That's
putting
these
in
right,
so
that
context
was
already
set,
but
I
lost
it
by
the
time
we
got
there.
I
thought
why
didn't
I?
Why
did
I
lose
that
context,
because
I
knew
when
I
saw
your
your
title
screen
and
I
heard
what
you
said
and
I
even
made
a
comment
about
it
and
then
I
realized,
because
your
configuration
is
not
it's
happening
from
a
place
where
you
can
do
it,
but
it's
not
the
preferred
place.
A
But
if
we're
talking
about
as
we
were
as
we
are
it,
where
is
it
configuration
and
setup
that
should
actually
be
happening
under
settings
license
compliance?
Oh
so
you
should
be
showing
it
from
there
and
that
would
let
me
stay
in
the
context
of
I.
Am
I.
Am
you
know
now?
This
is
something
that
normally
a
person
has
the
right
permissions,
the
security
team
or
the
legal
team
or
the
you
know,
the
engineering
lead
or
whatever
will
go,
define
the
policy
because
it
doesn't
make
sense.
A
Otherwise,
for
me
to
come
here
and
say:
here's
the
things
that
my
project
has
already,
because,
if
I'm
defining
a
policy,
if
I'm
saying
like
none
of
our
projects,
shall
use
the
BST
to
license,
for
example,
right
I'm,
going
to
say
that
and
set
that,
irrespective
of
what
actually
ends
up
in
the
project
at
that
point
now,
I
get
that
if
you
have
permissions,
you
might
fine
tune
and
add
stuff
like
you're
shown
right,
but
this
is
I'm
in
the
active
project.
Something
has
been
scanned.
This
is
what's
set
or
what
we
have
currently
now.
A
B
I
I
guess
I
just
have
to
say
that
I
mean
had
to
say
that
that's
all
permissions,
but
the
thing
is
you
got
security
behind
section.
If
I
was
someone
on
the
security
team
that
actually
could
make
those
changes,
I
would
probably
go
there
rather
than
go
to
the
settings,
because
this
gives
me
the
high
level
reviewable.
All
my
you
know,
security
features
so
I
think
I
think
I
probably
wouldn't
go
in
the
settings
and
you
know
kind
of
like
go
through
some
jumbled
stuff
there.
B
A
It
actually
totally
does
right,
because,
because
that
is
those
are
the
settings
that
you
are
putting
on
the
project,
no
matter
what
ends
up
actually
in
the
project
right,
that's
so
that's
like
kind
of
saying,
when
I
set
up
a
server
I
want
to
make
sure
that
sshd
is
only
it
is
not
allowing
root.
Logins
and
I
want
to
make
sure
that
I
got
all
servers
and
I
want
to
make
sure
that
the
root
always
has
to
have
a
password
right.
A
B
B
You
know
into
like
a
deeper
menu,
and
you
know
you
want
everything
in
security
in
one
place
and
I
think
you
know
that's
kind
of
what
I'm
highlighting
there
like
when
I
click
on
that
you
see
all
the
security
so
like
when
I
do
the
next
video
about
like
dependency
scanning,
you
I'll
go
into
the
dependency
list
there.
If
I
do
the
next
one
about
security
dashboard,
so
you
can
see
that
all
this
is
like
it
in
common
place
right.
A
What
was
the
intent
here,
I
get
that
when
you're
actively
looking
at
a
project
to
work
on
stuff
being
able,
if
you
have
permissions
being
able
to
make
tweaks
to
the
policy
from
here
makes
sense,
but
they,
but
you
know
why
would
we
have
a
project
settings
for
license
management
where
you
can
do
all
this
stuff
and
have
it
here
if
our
intent
is
for
everybody
to
come
here
to
do
it?
Yeah.
B
A
Then
why
wouldn't
you
put
kubernetes
settings
up
by
the
kubernetes,
so
I
guess
you
kind
of
have
that?
Actually
so,
and
my
point
is
that
you
can
end
up
with
like
moving
all
the
stuff
from
configurations
up
to
you
know
to
a
particular
menu
right,
I
mean
I,
get
like
license
compliance,
and
you
know
what's
up
there,
but
right
there
is
yeah.
It
is
a
bit
deeper
here,
right,
I
think
it's
undersea
ICD!
A
B
A
Okay,
so
let's
do
this,
that's
that's,
probably
a
different
discussion
in
general
that
should
be
had
not
between
us
but
with
the
UX
team
and
the
product
team.
But
let's
do
this
I
think
the
the
thing
that
got
me
into
this
was-
and
maybe
it's
just
maybe
in
dense,
but
when
we
started
this
something
done
by
those
security.
Well,
we
started
this
section
I
heard
youhere
on
131
yeah.
This
is
license
compliance
like
setting
policies
right
and.
B
A
A
Don't
we
have
to
figure
out
something
to
just
make
sure
that
by
the
time
I
get
here,
it's
I
am
I'm
a
security
person
or
whatever
a
legal
person
defining
license
policy
still
I'm,
not
sure
how
to
explain
it
because
you're
right,
you
do
have
the
title
that
says
that,
but
maybe
you
do,
as
you
say,
another
part
of
defining
the
policy,
because
this
is
actually
not
defining
the
policy.
This
is
just
seeing
what
we
have,
but
maybe.
B
A
B
A
That's
that's
the
problem
right.
This
isn't
part
of
the
configure
set
up
right,
dude,
there's
no
button
here
for
me
to
say:
yeah
I'll
go
ahead
and
add
that
right,
if
there
was
then
that
would
make
sense
and
I
guess
technically
you
could
click
on
this
and
it'll
come
up
and
it'll,
let
you
say
add
right,
which
is
probably
why
that's
here
but
I'm,
not
seeing
that
what
I'm
hearing
and
seeing
is
this
particular
project?
Here's
what
our
scans
found
right.
A
A
So
so,
maybe
maybe
either,
if
you're
going
to
show
this
part,
go
into
it
and
show
how
you
can
add
a
license
that
you
know
you
can
again
with
permissions
as
I'm
configuring,
like
maybe
there's
two
ways
for
me
to
define
policy
on
this
one
is
to
see
what
licenses
we
currently
have
and
then
to
you
know
pick
you
know
to
either
say
allow
or
deny
the
other
is
to
go
to
here
to
the
policy.
You
know
just
set
the
policy
directly
and
put
the
license
in
and
then
add
it
as
a
general
policy.
Okay,.
B
No
I
see
it
so
now
then
go
back
to
the
back
a
little
bit
so
I,
don't
I,
don't
kind
I
kind
of
don't
want
to
click
on
it
and
do
that
and
the
reason
being
is
because
these
are,
there
should
have
already
been
a
policy
set
before
I
merge
them.
Some
astronaut
I'm
thinking
about
it
right.
So
I
don't
want
to
say
like
oh
now,
these
have
already
been
merged,
so
our
whole
project
is
already
messed
up.
So
let
me
click
on
it,
but
denies
right.
A
B
Auditing
purposes
to
see
what's
already
in
your
project
right,
so
I
can
say
that
that
this
part
is
helpful
to
audit
for
security
professional,
to
go
ahead
and
audit
right,
the
what's
currently
in
the
system
and
then
I
can
transition
and
then
also
based
off
of
that
you
know
they
can
start
building
policies
for,
for
you
know
what
licenses
should
and
shouldn't
be
part
of
it.
A
B
Yeah
yeah
I
guess
it
could
be
in
that
site:
I
mean
yeah.
It
could
be
in
that
section,
so
I
can
cut.
I
can
move
that
over
that
section
and
then
say
it
like
secured
someone
with
the
correct
permissions
like
someone
from
the
security
team
or
legal
can,
can
you
know
overview
everything,
that's
in
the
master
branch
to
audit?
What's
in
the
project
already
I
can
Bennigan's
yeah.
A
Yeah,
so
that's
actually
just
it's
a
header,
that's
just
missing
right,
because
it's
kind
of
like
going
to
the
security
dashboard
right.
This
is
going
to
the
license
compliance
dashboard
right.
So
it's
actually
not
this
session,
because
this
section
is
talking
about
when
I'm
like
doing
my
code
and
I
get
my
pipeline
back
and
I'm
looking
to
see
if
I,
you
know,
if
I
tripped
any
licensee
if
I
added
any
bad
licenses
right,
so
this
is
kind
of
the
practitioner,
the
developer,
etc,
but
yeah
so
you're.
A
We're
missing
this
if
I'm,
if
I
want
to
like,
if
I'm
the
development
lead
right
and
I'm
about
to
release
us
to
the
world
or
whatever
and
say
we're
done,
maybe
I
want
to
do
that.
Check
we're
on
the
security
guy
or
legal
and
I
want
to
see
ya
the
overall
status
of
our
license
usage
for
this
project.
Are
we
legit
right,
although,
interestingly,
this
doesn't
show
you
X's
and
O's
right
so
that
they're,
red
and
red
and
green?
A
A
B
A
B
A
A
So
almost
there
is
a
good
to
point
out,
but
you
said
you
can
set
up
license
for
the
merge
request
approvals,
and
then
you
moved
on
I'm
thinking.
Maybe
you
can
set
up
different
licenses
for
the
merger
cursory
different
rules
for
the
merger
quest
approvals
to
determine
what
should
happen
of
license
compliance
detects,
unwanted
licenses
or
something
right
like
like
there's
all
right,
just
to
give
a
little
more
like
okay.
Why
would
I
want
to
do
that
because
remember
you're,
educating
right.
A
All
of
this
by
the
way
is
with
that
earlier
caveat
of
don't
show,
educate
right,
so
put
it
in
the
context
of
what
what
you
should
be
looking
for,
what
is
helpful
to
have,
except
for
last
one
play
plan
set
up
in
configuration.
Oh
yeah,
this
title
is
kind
of
confusing
because
it's
still
not
about
the
pipeline
pipeline
is
the
sub
header.
This
is,
and
you
can't
just
say,
set
up
a
configuration,
but
this
is
and
I
know.
A
B
A
A
Alright,
that's
the
set
of
them.
I
think
this
is
awesome.
I!
Think
it's
really
good,
like
I
said
you
could
like
it
is
I
like
how
this
comes
in
and
you
don't
license
and
you
don't
read
it,
but
if
I
read
through
it
myself,
it's
like
oh
yeah
as
an
educational
thing.
I
should
be
scanning
dependencies
for
licenses
I.
Should
you
know
these
are
all
things
that
I
should
be
doing
right,
so
this
actually
fits
in
perfectly
with
like
what
we're
trying
to
do,
which
is
like
here's.
Here's
the
takeaway
from
this
lesson.