From YouTube: Threat Management Community Office Hours
Description
This is the second Office Hours held by the Threat Management team to talk with Community Contributors about getting involved in developing our area of the product. More details, including the complete agenda & helpful links, can be found here: https://gitlab.com/gitlab-org/threat-management/general/-/issues/743
A
Welcome to the second bi-quarterly Threat Management community office hours. We're here to help any community contributors who are interested in looking at the Threat Management portions of the GitLab product. So that would be the Threat Insights group around the security dashboards, the MR pipeline widget, to the security information displayed to customers in the MR view. And ideally, we will eventually be talking about container security and aspects of developing with container security, but unfortunately we don't have any developers on the call today with a lot of experience in that area.
A
So this is the second of these community office hours and I don't know if we need to recap a lot of what Thiago and Alan talked about a month ago. So I did share the recording of the previous office hours. I encourage anyone who's watching this to take a look at that, but I will recap some of the items that they discussed there.
A
That's just your general development environment, all of the dependencies, all of the libraries that you need, and then on top of that GitLab Runner allows you to run the CI/CD jobs within GitLab. So I know this has changed recently and I didn't update this ticket to reflect it, Alexander. We had an issue in the last milestone around seeding projects so that you don't necessarily need to have the runner running in order to see all of the security dashboards.
B
No, I have not. I, I do not remember the, the progress that's been made with that.
A
I bet I can find it right here and I will update this issue with the outcome of that. So this has been closed and this should make it easier for community contributors or other people, like maybe our UX designer or our technical writers, to be able to run GitLab locally and see the security dashboards without having GitLab Runner, without needing it to be healthy and running alongside the GDK. I don't believe this solves that problem for the MR widget.
A
There was a great blog that was shared recently that I think any community contributor who is just getting started would benefit from greatly to read, so I've linked that here. It was written by one of our developers here at GitLab, and it really takes you through, you know, some of the links that I was just sharing with you around getting your environment set up, as well as, you know, some of the processes that we have around our product development workflow. And then finally, we have a select channel for community contributors.
A
Okay, I'm talking a lot, Alexander.
A
Alexander, do you have anything that you want to add to sort of the getting started tips and steps?
B
If I, one thing I want to make sure everybody knows is that the GDK and the runners can be finicky, and it can be difficult for even us here who work on it every day for many hours a day. And so, if you run into problems, just know you're not alone, we are probably running into problems as well, and definitely feel free to reach out if, you know, you, you've tried everything you know how to try and you just need some extra assistance.
A
A second that, and not everyone has a resource like Alexander, who's the first person I go to to ask about GDK problems, so be sure you, be sure to go to the get beginners Slack channel. I think that's a great place to go. Additionally, though, just googling GitLab troubleshooting GDK, there's a wealth of information out there for you.
A
Just given how transparent GitLab is, you'll find a lot of discussions, issues, blog posts, documentation. Yeah, so I'm gonna actually skip really quickly to number four, because I think that's a good segue into some of the documentation that we've created to try and assist some of our community contributors to answer questions asynchronously.
A
So in order to do that, you need to have both the right license associated with your user, and we can help you with that. There's some instructions on the community contributor how-to pages for how to handle the license. Ray used to be a good contact for that. So please, please, post in the getter Slack channel if you run into any problems with your license. You basically, I think, Alexander, you helped one of our contributors of this previously. Was it a 30-day free trial that gets extended?
B
Yes, correct. So you start off with a 30-day free trial and then, as you continue to work, contribute to GitLab, then we'll extend that as needed.
A
Okay, so I'm not going to read all of these questions, so I just wanted to point this out as a resource for everybody, and I think I will add the three questions that we have in the agenda from our meeting today, the recap of the, the discussion here, to this as well. And I believe there's one more snippet, you and I talked about this last week, Alexander, that I'd meant to link to this, that either you or Daniel created that had some more steps for.
A
Oh, it was the dismissing of vulnerability with an MR, right, the auto remediation steps. So we've got some use cases of data that's fairly specific to certain vulnerability types that allows you to expose some different features in our UI. The ability to create an MR directly from a vulnerability is what I'm talking about specifically, which requires some more complex instructions. So I will link, we will link that here as well to help in any cases someone picks up issues around that area.
A
Okay, all right. So the final thing that I wanted to do before I hand it over to Alexander to address some of the questions that Justin has pre-submitted for us was take a quick look at our workflow board. So this board is filtered to the Threat Insights group and I've actually also added the filter for good for new contributors. So this label is added to issues as we identify them being something that somebody who is pretty new to contributing to GitLab could pick up, so for a community contributor who's been contributing for longer.
A
All of the workflow steps prior to refinement are typically handled by our product managers and our engineering managers and our UX designers. So that's why I had these collapsed to begin with. I think that any community contributor who comes in to look at this board could ignore those items and really start to look at the items that are in refinement or ready for development. Refinement is something that could be very helpful and that the engineers look at the issues in advance and give an implementation plan and additional information to help whoever picks up that issue.
A
I would say that I would encourage you to ask questions in the issue if it's something that you're interested in working on and it's in the refinement state. That way the engineer who's refining it can let you know if they think it's ready to be picked up, answer some of your questions, or tell you that you should wait for a little while until they've got all of the details ironed out in that issue. But once something's in ready for development.
A
That's up for grabs, and you can see here, this is not filtered on any milestone. So these are all of the issues for Threat Insights that are good for new contributors and any of our upcoming milestones.
A
A lot of these are front-end issues. I don't see a lot of back end issues, but I do want to highlight that we have labels that let you filter between front end and back end. So if you were coming in as a front-end developer, you could add this front-end label and then restrict the issues that you see in the list just to those issues that you might be more interested in. Right now, we do have a number of issues around our GraphQL migration of our vulnerability details page.
A
That would be great for anyone who has a bit of GraphQL experience to pick up or would like to gain some of that experience. So these are all fairly small issues. Sometimes you'll also see follow-ups. So these are both follow-ups from previous MRs that other engineers have worked to merge and there was feedback from a reviewer or a maintainer that didn't need to be handled right at that moment.
A
So we create follow-up issues. So these are also great issues for community contributors to pick up, because they're not, they're not new feature development that one of our product managers might be waiting for. They're usually a bit more straightforward and have a good amount of context about where in the code you're going to go to make that change.
A
One thing to call out that was news to me when we started working with the great community contributors that we get, that we have worked with Threat Management, is that community contributors can't assign issues to themselves. You can't do anything except comment on an issue. So when you do find an issue that's interesting, put a comment in, say you're interested in it, and someone like myself or Alexander or Thiago, or someone else on the Threat Management team will help you. So we will see that comment. We will assign it to you.
B
Thank you, Lindsay. I want to preface this sort of walk through with, again, that I work primarily on the front end here on the Threat Management team, and so the workflows that I will be demonstrating are very front end focused. I will dive a little bit into the back end as I've learned it since starting here, but Justin, I apologize if this, you want a more back end focused walk through here. So I will share my screen now.
B
Cool, so let me make sure you get the right desktop here. Cool. You can see my VS Code window? Yes? Cool, excellent. Okay, so, as it was mentioned, the parts of the app that our team or Threat Management deals with is when you go into a project and you go into security and compliance sidebar and the secure dashboard.
B
That is what we own, this portion. We own clicking on a vulnerability and seeing all the details about it. We see, we're also responsible for the group and instance level dashboards or security centers, as well as, if you go into a pipeline, you view the security tab, here's another list of vulnerabilities. If you click on, select one of these, a modal pops up. This is all of our domain.
B
And then, if you go into a merge request, there will be a security section and that also lists out the vulnerabilities. This is another thing we own. So those are the sort of the four main sections and I'm going to show you where all that code lives here in VS Code. So the first one I mentioned was the security dashboard. That, that is located here in the, the path ee.
B
You can see the path above here, but basically the, a common occurrence is all these security features are for higher level tiers of GitLab, so Gold and Ultimate, and so they will, all of them, primarily live in the, first in the ee subdomain. The, the open, more, you know, free version components live in app, just app instead of ee. That's right here. But so you always remember, like, if you're looking for a path, it should start with ee inside of our code base.
B
The next one is the details page that I selected, and that is similarly in ee and then vulnerabilities. The, and that's where all the, this, this repo is where all the, the detail page real vulnerabilities live. I should, oh, I have an idea, I'll do a split screen. Okay, so everything for the security dashboards lives in this repo, the security dashboard repo.
B
Everything in the details page here lives at the vulnerabilities repo here. So you see the footer, the header.
B
Footer's everything below the related issues, header's up here, details, that's in there. And then for the pipeline, that's going to live in the security reports repo here. So vulnerability details is for the modal, but you see some modal components here and that's in security reports. And then the pipeline or the MR widget lives also in the security of reports, but also because the MRs are also a free version or a free feature.
B
Some of it also lives in the non-ee section, so you'd find sort of these, like, report blocks in, like, app, and then reports section repo here. And so what was the question? I feel like I lost the thread here. No.
B
Cool, and so, so that's mainly the front end, and you know these repos are broken down into components. So that's where you're going to have all your Vue, Vue logic, and then they'll also have a graphql directory, which is, as you expect, is the GraphQL queries and mutations. The store, for if some of our pages still are using Vuex instead of relying solely on GraphQL.
B
That's where you'll find all the Vuex information, and then utils for miscellaneous functions that we didn't think necessarily lived in the components. The next, and then so, that's the front end, and moving slightly to the back end. We, basically how this works is everything gets served up from our Ruby on Rails side, and so starting from the front, we have our components, and then moving slightly back, we have, we'll have these normally underscore init files, which don't look like much.
B
They basically start up, create a new Vue application, and you may be wondering, oh well, where does that get, where does that get initiated? And so, if we do global search for first class init, initially you'll come to a file that's called, like, index.js, or sometimes they'll be, like, show, and yeah, like vulnerabilities index, index or show index.
B
If you know Ruby on Rails, you know that these are sort of common endpoints, and so this is where the first, just by, like, doing a global search for this class net or this file name, you, we can see that, oh, this gets imported here and listens, does, adds an event listener here. And if you're, if you're trying to, like, copy pieces of code in global search, this is as far as you're going to get, because this doesn't tell you where in the Rails application gets served up, and that's because in our webpack configuration we have it set up so that this, the path here, sort of the end path here, maps to the HAML, the Ruby on Rails, like, HAML file that serves it up.
B
But if you go to ee app views and then there's group security vulnerabilities index, you can see that these sort of tail end paths match, and this is what webpack is doing, or doing is it's configured to look at this path and then match up with this core, corresponding path here. And so this is where, in here you see that there's, we initiate the init method with some element on the page, js group vulnerabilities, and then sure enough, here in the HAML file, gs group vulnerabilities.
B
Yeah, it was incredibly difficult for me to find it and wrap my hand around it, but you know, from here, if you know Rails, then, like, this opens up the floodgates to, like, oh, this is a view and it's getting served up by a controller somewhere, and I won't delve into.
A
I feel like you might have just kind of hit on number two, question number two, which was tips that you can share that you wish you knew when you were first familiarizing yourself with the code base. So as you're going through this walkthrough, any of those other items would be good to highlight, because I think that's definitely a good one.
B
Something that I really like is, so we import, we have a lot of common components that we use throughout the app, you know, just like loading icons or buttons. You know, that's something that, like, you should create once and then you're done, and a lot of it comes from GitLab UI. If you have not checked out, there's a public link to get what is available and GitLab UI here at our, basically, this is our Storybook.
B
We use Storybook to sort of house all these components and show them off, and so, if you're ever like, oh, this, this issue wants me to create a button and, like, ins, you can, you can, of course, pattern match for the rest of the application. But in here, if you go over our Storybook, look, and I'll add this to, I'll add this to some of our documentations.
B
First start, people starting here, but, like, you get to view the button, you get to see what inputs it takes, its configurations, and you can see how that affects.
B
Yeah, definitely, yeah. I definitely will do that. So this is another thing that I wish I would have known right off the bat. Instead of having, having the power match through the application for, like, oh, apparently gl button is what we use, like, it was great to be able to come here and actually see and mess around with the components in the sandbox. And there is another link that is similar, but for CSS. I just thought of it, so I don't have it pulled up right away. Is it design system Pajamas?
B
No. Okay, I'll, I'll add another link. There is another, a link that I use to look at CSS. Our design team has done a great job for putting all the CSS for the entire application in one place. Is it this one? No, I should just give up on this, I'll find it later. But anyways, they, they have all the colors and the reasoning behind that listed out in a very beautiful and intuitive way, and I would love to.
B
I will add that link as well, because it's something I use when I'm like, oh, what color should this be, and then I can go there and immediately see, like, oh, it's actually gray.
B
You know that we shy away from creating specific classes that has just a bunch of CSS in it and we opt into using utility classes so that it's really intuitive what styling is applied. So, like, flex fill, or I know that this header has a display flex and its items are align center, and it's easy to look at that here. And these classes are easily visible from this endpoint, which basically outputs the utilities SCSS file from GitLab UI, and I can just scroll through here, and a lot of times.
B
I do, oh, you know, I mentioned gray, I'm like, oh, I want a gray color, and then I'll find it. I'm like, no, these are background gray. Then I'm like, maybe font color, color, no, it'd be just color. Yeah, and you can global search here and find the styles you want.
B
Yeah, that's a really great point. Thank you for bringing that up. I definitely do use GraphiQL a lot when I'm testing on my GraphQL queries. You can see I already have, I have some saved here on the left hand side. It's, it's so essential, and I love looking through a schema. A lot of times these tickets, the issues get broken up in such a way where it's like.
B
Oh, the back end added a GraphQL query and is my job to implement and, you know, have a display data in the front, and then I'm like, oh, I wonder what they did, and I'll go in here and I'll type vulnerabilities and I'll scroll through here. query.vulnerabilities gets the vulnerabilities for an entire instance project.
B
That vulnerabilities gets the vulnerabilities for just a project, and then group vulnerabilities gets the vulnerabilities just for group. So I'll look into query, and you can see it takes a bunch of, or what it can take, and it should take, oh yeah, it takes an array of project id. So this is, you, if you work, if you've looked at the instance security center, you know that you can add and remove projects as you're interested, and that basically updates the ids that gets sent back here for vulnerabilities. But anyways.
B
It's interest, it's good to, like, dig in here and see what accepted values are, see what, again, what types they are.
A
Yeah, and another question: when you're troubleshooting in the browser, and this isn't specific to GraphQL, I think this might be more of a Vue question. Can you show some of the, the handy browser tools that you use the most when you're troubleshooting? Maybe, I know that this doesn't work in production, right? We don't, we don't have everything turned on to allow you to troubleshoot all of the Vuex, the Vue code in production, but at least your local and non-prod, you can.
B
Yeah, that's a great point. I mentioning earlier that it's fine to have problems with your GDK. My GDK is currently down and I tried to get working for this session, but could not. I have to do a little bit more digging. I'm probably gonna surf the Slack channel. Hopefully, someone's had this problem already and I can just copy what they did. So I was not.
B
I know that you're just trying to contribute and we really appreciate it, and it really stinks when you just get caught up with environment issues, but it happens to everyone, unfortunately. So I have staging up right now, and that means we do not, that means that, like, the Vue dev tools are not accessible right now. We turn that off in our webpack config. But if this was local, I would be able to go to this page, come in here, my developer tools, and there would be a little Vue tab.
B
I highly recom, browser extension, I highly recommend you download. I'd be able to click on, I'd be able to look at all the Vue applications that are running, which is more than one, but then also expand that, look at the components that are showing previously, and they would highlight them on the page, and we could see the data, the props passed in, all that great stuff.
B
If you don't have the Vue browser extension, I can't recommend it enough. But one thing with a larger application that I always have struggle with is, say, I'm, I'm trying to make a change, say, like, you're new to this page. You don't know where these components are. Like, you know, Justin asks this question for a reason. It's because GitLab is massive and, like, how are you supposed to remember where, which repo or directories all this stuff is in? And, like, this is not a non-trivial path, it's all very difficult.
B
So what I would, what I do when I first started is I inspected an element, and you know, I would come in here and look, I'm highlighting a bunch of stuff, and I would look for very specific wording, so, like, vulnerabilities countless as a class, very specific, very easy global search. So I would come into here and I would just search for it: vulnerability.
B
Countless. Yeah, beautiful. Okay, so it gives me a few options, and from here, well, this is the only one that actually has countless. This, is it countless layout? No, it's countless. So this is it. This is the, this, this is the repo that, or the file that is showing that countless, and this gives me a great start into figuring out, like, orienting myself in the repo. Other things I do.
B
If I'm CSS styling, I do that in inline first, so maybe five, six, and I, I do it that way, and then I get the right utility classes and then I copy them over into my component. Any other debugging, if GraphQL is acting, what if I'm trying to debug the GraphQL thing, I also have the GraphQL browser extension. Let's, that should be working. Hold on one second. That one's not needed. Oh wait! Where would that come from?
B
Luckily, from when I last left and before I updated my GDK, I had this tab open, which I was debugging something with, and it hasn't refreshed because, but my GDK is definitely not working right now. And so this is what I was talking about with the Vue browser extension: you get all the components, you get the data, you get what's computed. You can see there's three Vue apps on this page currently. Where are these other ones?
B
We will never, I won't fall into that trap. Anyways, GraphQL. So if I come back to here, if I make sure this is the right one and I refresh the page, I will look in this GraphQL browser extension, or I'll look in the network tab and just search for graphql, and we can see what GraphQL retrieved from the back end: zero, zero, zero, zero, four, zero, two. Okay, great. So this vulnerability severities count matches this. We're not, like, modifying and under the hood.
A
No, I'm gonna watch this video several times because I think that you just shared a lot of really helpful information at a fairly fast pace, but that's okay, because it's on video and that's where videos are helpful, because you can pause and rewind. A lot of good troubleshooting and debugging tips, code insight, how to find the code you're looking to change, which I think is a challenge in any new project you start working in. So I don't have any more questions.
B
Great, I'm glad. Other tips.
A
Do you have any questions? Is there anything that, as someone who's, the content is new to you, that, you know, but that you want to ask at all since you're here with us?
C
I know you mentioned keeping GDK up can be a little bit challenging. Do you have any tips on how to do that or how to, you know, any, any gotchas or pitfalls to avoid and either setting it up or keeping it running, perhaps fine print in the instructions? But you know, I know when I follow instructions, I sometimes miss steps if they're not, like, bolded or jumping out to me. You know, are there any things that are, you know, kind of critical as part of that?
B
Yeah, that is a great question and unfortunately, it's not straightforward. There's no silver bullet to, like, always have your GDK in perfect health or to fix it. As, as I have shown here, like, I am using staging, because I was working on it for a half hour before this meeting and I was like, man, I'm not gonna, dang it, I'm not gonna be able to show my local environment. But I would, what I would say is, you know: gdk update, gdk reconfigure, gdk start, those are sort of my go to. I'm.
A
Just showing a random document, because it's exact, I take Alexander's troubleshooting for the GDK very seriously, and here are my notes directly from troubleshooting sessions that I've had with Alexander, which we can add somewhere if that's helpful. But you know, it's really just that, you know, start with a gdk update. If that doesn't work, do your gdk reconfigure. There's a few steps that you need to follow if you do that. I throw gdk doctors around like crazy. I don't actually know what it does.
B
Yeah, yeah, that, that's great. You should, you should be throwing gdk doctors around. They do nothing but tell you if something's wrong, right. Unfortunately, a lot of times, if something is wrong and gdk doctor may not catch it, it's not perfect, and so sometimes you're like, well, it's not working but gdk doctor says there's something wrong and I know that's just not true, so take that with a grain of salt. Yeah, always remember to start your Docker machine up. That is, that's.
B
And let me tell you if their hours have been lost to me being like, why is this working? I've restarted my computer and it's like, oh yeah, I need to start a Docker machine. It was, I know when I first started here, I basically never turned it off, and then the first time I restarted my computer, I completely forgot, and it was terrible. Yeah, update and configure are good, and I think, what's imp, one thing that's important is, like, you, you cannot just blindly run gdk update or gdk configure.
B
You should be looking at the latest output from it. So, for example, actually let me share my screen again.
B
There were some issues with that, but actually reading what the error was is useful, and I know that sounds sort of straightforward, but I know I am so used to just, like, writing scripts and, like, it takes a little bit. So you, like, run this and you won't go away and you look at an issue or something, you come back, you're like, oh, is that working, and sometimes it is, sometimes it's not. So any other pro tips now, or don't be afraid to ask someone for help.
A
And usually, if you just search for your error, especially in the GDK channel, someone else within the last couple of weeks has experienced that and you can follow the conversation and instructions that that person went through and night. For me, let's say seven times out of ten, that has helped me resolve my problem.
B
Yeah, I'm always going through the Slack channel, be like, someone's had, like, that's what I'm actually probably gonna do after seeing, is I'm gonna take that error message, I'm gonna go to the GDK channel, and hopefully someone's like, hey, anyone encounter this, and there's a silver bullet in there for me.
A
So there's another, you know, there's also the GitLab, GitLab Compose Kit, but I think that's mostly for Linux users, if I understand correctly, but I know it's supposed to be more lightweight. So, hi Jen. Thank you for joining us. Yeah, I'm so excited to be here. Unfortunately, we're getting close to the end of our discussion, but we have been recording and we will definitely be sharing it. Since we have you here and we are, you know, wrapping up, like I said, what kind of questions did you come with in mind today?
D
One end good to get started and sort of orient on the code base.
A
Cool, so I'm going to do a very quick share of the board that I shared earlier in the call, Sam and Alexander, since we've been through some of this content.
A
So this issue board is specific to the Threat Insights group. So we do have, within Threat Management, which is our larger sub department, we have Container Security, which focuses a lot on, like, Kubernetes security, like network policies and things like that, and then we have Threat Insights, which is what we're talking about more today. So Threat Insights is about our security dashboards. So just to illustrate, I'll just, it's so great to be in our product all the time and just be able to show it with one click.
A
So when I mean security dashboards, I'm talking about, this is our group level security dashboard. So it's going to show the vulnerabilities, oh, it's slow right now, for some reason, it might be my internet, the vulnerabilities for this particular project. Oh this, isn't, I'm not at the project level. Sorry, this is the group level, so for the projects within this gitlab.org group, as well as this vulnerability list.
A
So our part of the product is all focused around the security management. Vulnerability management is the area that we, that we maintain, and I apologize, I don't know why everything's so slow all of a sudden. And so this, we've got three different versions of this dashboard: a group level, an instance level and a project level.
A
So you can see kind of different levels of granularity, if it's just one project you're looking for, a group of projects or your whole GitLab instance, and then all of the details for each of these vulnerabilities. Another place that you can see this information, which is going to be a little hard because I don't have a tab open. An example is, if you submit an MR and you're running security scans in your CI/CD pipeline, we show security results at the MR view as well.
A
So that's just to give you a little bit of high level of, these are the parts of the application that our team owns, and that's what's represented here on this board. So to your point before about it's sort of hard to find the best first issues to pick up, we have a label that GitLab adds to try and help you identify those issues, is, which is this good for new contributors.
A
So the link that I provided in the issue is all of the Threat Insights issues that we've deemed good for new contributors, and I think we could be adding more of these labels. The engineering managers typically add them as issues are created. You can see right now we have a bunch of front-end issues, but not quite as many back-end issues. So what you're seeing here is our product workflow. If I expand all of these, you can see our product workflow works from left to right.
A
All of these first, anything that doesn't have a product workflow will end up in this ambiguous open column, but you know, our UX designers will start with the process of design. They will work with our, you know, customer base and user testing to validate their solution, and then they work with the engineering team, you can see those definitions over them, to break down this work, and then we, as a team, start to refine it. So I really think that the best place to look would be this ready for development column.
A
But if you do see items under refinement that you think are interesting, I would encourage you to put a comment in it and ask the engineer who is refining it, you know, is this ready to go? I think I can totally do this. So these are really the two big columns. Since you said you were looking mostly at front end type work.
A
We do have a front end and a back end label that helps you filter it down a little bit more, so just adding that front-end label will give you even more refined lists, and you can see now when they're ready for development. You know, we've got a number of issues here that are around a GraphQL, a GraphQL migration of this page right here. So this page is currently using a REST endpoint and we have, our back-end team has already built out the GraphQL mutations for queries.
A
So we just want to update that page to use them, and we have a number of issues here, I think five or so, that are targeted at that GraphQL migration. And then we also have what I call, what we call follow-ups. So a lot of times when an engineer is merging changes and the reviewer or the maintainer has some feedback that's not pressing for that particular feature release, we'll create a follow-up issue, and that's what you see in these bottom two issues.
A
These are follow-ups from previous conversations that came out of MR discussions from engineers on the team, so those are fun, not fun, those are good for early community contributors because there's a lot of context there. You know, it'll take you to the actual code that you want to change. It's not a feature enhancement, so it's not like there's a product manager or a product, a UX person, that's waiting for it. So does that help at all? It does. Thank you so much, Lindsay. Yeah.
A
I don't want to repeat too much for the video, and so, like I said, I want to encourage you to take a look at it. We do have, and which is linked to here, we're building out a snippet to try to help put together some answers to a lot of these questions that contributors have asked, so we're constantly adding to this. So, as you have new questions, I encourage you to either add them to the, the issue that we were looking at, the one for this office hours, or I think you'd have access.
A
Also to add a comment to this snippet that's linked to directly. Hopefully your question might be answered here. We've got some regularly asked questions as well as some troubleshooting tips here but, like I said, I think that it really could use some additional information as we have new community contributors and we capture the types of questions that, that come up.
A
Fantastic, well, keep them in mind and add anything that I run into. And I, I, I don't know, have you contributed at all to GitLab before? I haven't, no. Okay, so I encourage you to join the getters channel, as we have a Slack channel just for community contributors, where you can ask any questions. You know, there's gonna be a lot of other community contributors there that can help share their experiences with you. We've got a lot of GitLab employees there ready to answer your questions.
A
I also link to a blog on here that I think would be really helpful for anyone who's just getting started at contributing to GitLab. It was written by one of the engineers here on the team and I think it does a fantastic job of just walking you through some of the, the setup, you know, what I was just talking about around finding an issue, how you, you know, work your changes through the pipeline all the way through testing. Perfect.
D
Awesome, well, I'm so excited that this resource is available. This is awesome.
D
All right, fantastic, we'll look forward to watching the rest of the video and also looking forward to getting my hands dirty.
A
Thank you so much. Thanks, Jen. Thank you, Alexander, for all of your helpful walk through, all the information you've shared today. I will take this recording and I will post it both to this issue, to the getters channel, to our community office. I think we have a YouTube channel for these videos too. So we'll share it as widely as we can. Great.