24 Mar 2021
- 3 participants
- 26 minutes
16 Mar 2021
- 5 participants
- 16 minutes
9 Mar 2021
Topics discussed included community contributions, promotion, hiring, referrals, team building, and a recent outage
- 5 participants
- 18 minutes
2 Mar 2021
- 12 participants
- 31 minutes
5 Feb 2021
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/299137
Also available with transcript at https://gitlab.zoom.us/rec/play/e6XlY_mvoNFM3-aVtQWKoBcOv0NxyFOb7xYoKhdCfux5k5SjcGoXt6h6jVXabHttlveRY2nfnfRPLrJT.3ajg5AU2IJ2Gyolo?continueMode=true&_x_zm_rtaid=E5s8gXsPRPeiXVHqA7sTrg.1612486799070.3410145e0576a7b55a3267f35dd3558d&_x_zm_rhtaid=344 (internal link)
Also available with transcript at https://gitlab.zoom.us/rec/play/e6XlY_mvoNFM3-aVtQWKoBcOv0NxyFOb7xYoKhdCfux5k5SjcGoXt6h6jVXabHttlveRY2nfnfRPLrJT.3ajg5AU2IJ2Gyolo?continueMode=true&_x_zm_rtaid=E5s8gXsPRPeiXVHqA7sTrg.1612486799070.3410145e0576a7b55a3267f35dd3558d&_x_zm_rhtaid=344 (internal link)
- 4 participants
- 36 minutes
2 Feb 2021
For the "happy path" video, see https://www.youtube.com/watch?v=R2O2Y8_MrQ8
Documentation used:
- https://docs.gitlab.com/ee/user/clusters/applications.html#install-cilium-using-gitlab-cicd
- https://docs.gitlab.com/ee/user/clusters/management_project.html#usage
- https://docs.gitlab.com/ee/user/application_security/threat_monitoring/#container-network-policy
Documentation used:
- https://docs.gitlab.com/ee/user/clusters/applications.html#install-cilium-using-gitlab-cicd
- https://docs.gitlab.com/ee/user/clusters/management_project.html#usage
- https://docs.gitlab.com/ee/user/application_security/threat_monitoring/#container-network-policy
- 3 participants
- 34 minutes
1 Feb 2021
Gitlab GDK:
- https://gitlab.com/gitlab-org/gitlab-development-kit#gitlab-development-kit-gdk
Minikube setup:
- Dev onboarding: https://gitlab.com/gitlab-org/threat-management/onboarding/-/blob/master/.gitlab/issue_templates/ContainerSecurity-TechnicalOnboarding.md#minikube-and-local-registry-on-macos
- Cilium related info: https://docs.cilium.io/en/v1.8/gettingstarted/minikube/#getting-started-using-minikube
- Minikube official docs: https://minikube.sigs.k8s.io/docs/start/
Adding existing cluster to GitLab:
- https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html#existing-kubernetes-cluster
Creating cluster management (GMA v2) project:
- https://docs.gitlab.com/ee/user/clusters/applications.html#usage
Assigning a cluster management project to a cluster:
- https://docs.gitlab.com/ee/user/clusters/management_project.html
Install Cilium and Ingress through GMA v2:
- https://docs.gitlab.com/ee/user/clusters/applications.html#install-cilium-using-gitlab-cicd
- https://docs.gitlab.com/ee/user/clusters/applications.html#install-ingress-using-gitlab-cicd
Managing CiliumNetworkPolicies through Threat Monitoring:
- https://docs.gitlab.com/ee/user/application_security/threat_monitoring/
Environmental variables:
- https://docs.gitlab.com/ee/user/project/clusters/#deployment-variables
- https://gitlab.com/gitlab-org/gitlab-development-kit#gitlab-development-kit-gdk
Minikube setup:
- Dev onboarding: https://gitlab.com/gitlab-org/threat-management/onboarding/-/blob/master/.gitlab/issue_templates/ContainerSecurity-TechnicalOnboarding.md#minikube-and-local-registry-on-macos
- Cilium related info: https://docs.cilium.io/en/v1.8/gettingstarted/minikube/#getting-started-using-minikube
- Minikube official docs: https://minikube.sigs.k8s.io/docs/start/
Adding existing cluster to GitLab:
- https://docs.gitlab.com/ee/user/project/clusters/add_remove_clusters.html#existing-kubernetes-cluster
Creating cluster management (GMA v2) project:
- https://docs.gitlab.com/ee/user/clusters/applications.html#usage
Assigning a cluster management project to a cluster:
- https://docs.gitlab.com/ee/user/clusters/management_project.html
Install Cilium and Ingress through GMA v2:
- https://docs.gitlab.com/ee/user/clusters/applications.html#install-cilium-using-gitlab-cicd
- https://docs.gitlab.com/ee/user/clusters/applications.html#install-ingress-using-gitlab-cicd
Managing CiliumNetworkPolicies through Threat Monitoring:
- https://docs.gitlab.com/ee/user/application_security/threat_monitoring/
Environmental variables:
- https://docs.gitlab.com/ee/user/project/clusters/#deployment-variables
- 1 participant
- 26 minutes
27 Jan 2021
In this video we are explaining the idea of having Security Orchestration Policies as Repository with YAML files instead of other idea to store them in database.
You can read more about that idea here: https://gitlab.com/groups/gitlab-org/-/epics/4598 and the code that was presented during this video is available here: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52661
You can read more about that idea here: https://gitlab.com/groups/gitlab-org/-/epics/4598 and the code that was presented during this video is available here: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/52661
- 1 participant
- 13 minutes
12 Jan 2021
DAST Project-level Scan Execution Policies (https://gitlab.com/groups/gitlab-org/-/epics/4598)
Spike: How to add a job that doesn't exist in .gitlab-ci.yml to a pipeline (https://gitlab.com/gitlab-org/gitlab/-/issues/280315)
Spike: How to run a scheduled pipeline with one security job (https://gitlab.com/gitlab-org/gitlab/-/issues/280314)
Spike: How can we fail a pipeline depending on conditions set in Scan Result Policy (https://gitlab.com/gitlab-org/gitlab/-/issues/280313)
Spike: How Gitlab configuration inheritance works (https://gitlab.com/gitlab-org/gitlab/-/issues/282420)
Spike: How to add a job that doesn't exist in .gitlab-ci.yml to a pipeline (https://gitlab.com/gitlab-org/gitlab/-/issues/280315)
Spike: How to run a scheduled pipeline with one security job (https://gitlab.com/gitlab-org/gitlab/-/issues/280314)
Spike: How can we fail a pipeline depending on conditions set in Scan Result Policy (https://gitlab.com/gitlab-org/gitlab/-/issues/280313)
Spike: How Gitlab configuration inheritance works (https://gitlab.com/gitlab-org/gitlab/-/issues/282420)
- 2 participants
- 25 minutes
12 Jan 2021
Open office hours for topics related to Threat Management groups - Secure:Threat Insights & Protect:Container Security
- 7 participants
- 50 minutes
17 Dec 2020
Open office hours for topics related to Threat Management groups - Secure:Threat Insights & Protect:Container Security
- 6 participants
- 51 minutes
15 Dec 2020
Open office hours for topics related to Threat Management groups - Secure:Threat Insights & Protect:Container Security
- 5 participants
- 14 minutes
19 Nov 2020
Synchronous discussion to breakdown the work required to implement Generic Security Report Schemas per design issue https://gitlab.com/gitlab-org/gitlab/-/issues/267193
- 5 participants
- 49 minutes
17 Nov 2020
Open office hours for topics related to Threat Management groups - Secure:Threat Insights & Protect:Container Security
- 5 participants
- 25 minutes
8 Nov 2020
This is the first and initial idea to start creating issues in Jira for Vulnerabilities. This is the demo of the functionality currently available only in the code in MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/46771
- 1 participant
- 2 minutes
7 Nov 2020
Open office hours for topics related to Threat Management groups - Secure:Threat Insights & Protect:Container Security
- 5 participants
- 55 minutes
13 Oct 2020
Last few minutes of discussion was removed since we discussed orange matters (https://about.gitlab.com/handbook/engineering/security/data-classification-standard.html#orange)
- 5 participants
- 25 minutes
24 Sep 2020
Demo prepared as a part of the proposed solution for https://gitlab.com/gitlab-org/gitlab/-/issues/216983.
In this video we are presenting how to achieve Active Response engine with simple Go application and Falco, that can run scripts that are using ie. kubectl, curl, or any other bash commands.
In this video we are presenting how to achieve Active Response engine with simple Go application and Falco, that can run scripts that are using ie. kubectl, curl, or any other bash commands.
- 1 participant
- 6 minutes
15 Sep 2020
Thank you for watching this preview of the upcoming Secure & Defend Section Public Livestream on 2020-09-17!
- 3 participants
- 14 minutes
28 Aug 2020
2020-08-28 https://gitlab.com/gitlab-org/threat-management/general/-/issues/734
Topics:
1. How to find threat insights and container security issues to work on.
2. What do the Category labels mean.
3. Getting started with Category:Vulnerability Management
Topics:
1. How to find threat insights and container security issues to work on.
2. What do the Category labels mean.
3. Getting started with Category:Vulnerability Management
- 5 participants
- 32 minutes
16 Jul 2020
GitLab provides Cilium as a managed application enabling you to work with Network Policies. Network policies in Kubernetes, detect and block unauthorized network traffic between pods and to/from the Internet.
This video shows Network Policies in action and how you can install Cilium as a GitLab managed application.
Follow @awkwardferny and @gitlab on twitter. 🐦
Installing Cilium as a Gitlab managed application: https://docs.gitlab.com/ee/user/clusters/applications.html#install-cilium-using-gitlab-cicd
RoadMap for Container Network Security: https://about.gitlab.com/direction/defend/container_network_security/
Network Policy Rules: https://kubernetes.io/docs/concepts/services-networking/network-policies/
Get in touch with Sales: http://bit.ly/2IygR7z
This video shows Network Policies in action and how you can install Cilium as a GitLab managed application.
Follow @awkwardferny and @gitlab on twitter. 🐦
Installing Cilium as a Gitlab managed application: https://docs.gitlab.com/ee/user/clusters/applications.html#install-cilium-using-gitlab-cicd
RoadMap for Container Network Security: https://about.gitlab.com/direction/defend/container_network_security/
Network Policy Rules: https://kubernetes.io/docs/concepts/services-networking/network-policies/
Get in touch with Sales: http://bit.ly/2IygR7z
- 1 participant
- 4 minutes
8 Jul 2020
design review for alerts MVC (threats monitoring): https://gitlab.com/groups/gitlab-org/-/epics/3438
- 1 participant
- 6 minutes
2 Jul 2020
Engineers from the Threat Insights group ask Secure engineers about Vulnerability Management related questions.
- 8 participants
- 48 minutes
29 Jun 2020
What is the GitLab CEO shadow program? Why should you apply to participate? How did I see the GitLab values in action?
https://about.gitlab.com/blog/2020/07/08/ceo-shadow-impressions-takeaways/
https://about.gitlab.com/blog/2020/07/08/ceo-shadow-impressions-takeaways/
- 1 participant
- 7 minutes
25 Jun 2020
How to associate a management project with your K8S cluster
Documentation: https://docs.gitlab.com/ee/user/clusters/management_project.html
Documentation: https://docs.gitlab.com/ee/user/clusters/management_project.html
- 1 participant
- 2 minutes
24 Jun 2020
Link to the documentation: https://docs.gitlab.com/ee/user/clusters/applications.html#install-apparmor-using-gitlab-cicd
- 1 participant
- 5 minutes
24 Jun 2020
Documentation: https://docs.gitlab.com/ee/topics/web_application_firewall/
This video demonstrates how to install the Web Application Firewall in logging and blocking modes.
Previous video in the series: https://youtu.be/IN-XGE1X8Mo
OWASP Core Rule Set:
- https://coreruleset.org/
- https://github.com/coreruleset/coreruleset/
This video demonstrates how to install the Web Application Firewall in logging and blocking modes.
Previous video in the series: https://youtu.be/IN-XGE1X8Mo
OWASP Core Rule Set:
- https://coreruleset.org/
- https://github.com/coreruleset/coreruleset/
- 1 participant
- 2 minutes
23 Jun 2020
Weekly meeting for the Secure:Threat Insights (previously Defend:Threat Insights) group
- 5 participants
- 28 minutes
18 Jun 2020
Documentation: https://docs.gitlab.com/ee/topics/web_application_firewall/quick_start_guide.html
All container security features in GitLab require Kubernetes. This video shows how to quickly create a Kubernetes cluster using the WAF Quickstart guide.
All container security features in GitLab require Kubernetes. This video shows how to quickly create a Kubernetes cluster using the WAF Quickstart guide.
- 1 participant
- 2 minutes
16 Jun 2020
This is a demo of the new Container Host Security feature available in GitLab 13.2. The feature embeds Falco to allow security analysts to monitor containers for potentially anomalous behavior and be confident that they were not compromised by a malicious actor.
https://gitlab.com/gitlab-org/gitlab/-/issues/218026
https://gitlab.com/gitlab-org/gitlab/-/issues/218026
- 1 participant
- 11 minutes
15 Jun 2020
This video demos the vulnerabilities over time chart which is going to be re-added in 13.1.
- 1 participant
- 2 minutes
11 Jun 2020
Preview session for the upcoming Secure & Defend Section Group Conversation livestream scheduled for 2020-06-15. Hear updates related to the Secure & Defend stages from David DeSanto, Todd Stadelhofer, and Wayne Haber.
- 3 participants
- 9 minutes
26 May 2020
Issues:
- Create Merge Request from Vulnerability - https://gitlab.com/gitlab-org/gitlab/-/issues/216300
- Download Patch from Vulnerability - https://gitlab.com/gitlab-org/gitlab/-/issues/216300
- Create Merge Request from Vulnerability - https://gitlab.com/gitlab-org/gitlab/-/issues/216300
- Download Patch from Vulnerability - https://gitlab.com/gitlab-org/gitlab/-/issues/216300
- 1 participant
- 3 minutes
26 May 2020
This video is a walkthrough for https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32301
- 1 participant
- 11 minutes
18 May 2020
- 1 participant
- 4 minutes
15 May 2020
Defend:Threat Insights will look to deliver Exportable Group Security reports along with UX enhancements for 13.1.
https://about.gitlab.com/direction/defend/vulnerability_management/
https://about.gitlab.com/direction/defend/vulnerability_management/
- 1 participant
- 7 minutes
20 Apr 2020
An outline of the entire standalone vulnerability feature
Docs:
- https://docs.gitlab.com/ee/user/application_security/security_dashboard/
- https://docs.gitlab.com/ee/user/application_security/vulnerabilities/#standalone-vulnerability-pages
Docs:
- https://docs.gitlab.com/ee/user/application_security/security_dashboard/
- https://docs.gitlab.com/ee/user/application_security/vulnerabilities/#standalone-vulnerability-pages
- 1 participant
- 7 minutes
16 Apr 2020
The Defend:Threat Insights Group is working on Instance-level exportable security reports for 13.0:
https://gitlab.com/groups/gitlab-org/-/boards/1241267?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=devops%3A%3Adefend&label_name[]=direction&label_name[]=group%3A%3Athreat%20insights
https://gitlab.com/groups/gitlab-org/-/boards/1241267?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=devops%3A%3Adefend&label_name[]=direction&label_name[]=group%3A%3Athreat%20insights
- 1 participant
- 5 minutes
9 Apr 2020
Added the multi-dismiss vulnerabilities feature on the the project security dashboard and vulnerability list.
- 1 participant
- 3 minutes
8 Apr 2020
Demos of one of the features prepared for https://gitlab.com/gitlab-org/gitlab/-/issues/213598
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29140
In this demo we are presenting new fields added to GraphQL API: findings (id, projectFingerprint), createVulnerabilityFeedbackDismissalPath and userPermissions.
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29150
In this demo we are presenting new mutation added to GraphQL API to Dismiss Vulnerabilities.
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29140
In this demo we are presenting new fields added to GraphQL API: findings (id, projectFingerprint), createVulnerabilityFeedbackDismissalPath and userPermissions.
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29150
In this demo we are presenting new mutation added to GraphQL API to Dismiss Vulnerabilities.
- 1 participant
- 5 minutes
7 Apr 2020
The user should only be able to create one issue per vulnerability
- 1 participant
- 2 minutes
3 Apr 2020
# FCV dashboards
## Project security dashboard
This is the most complete dashboard and a lot of what we built here can be re-used on the others.
### Already have
- List
- Filters
- Counts
- Unconfigured state
### Might have
- File path on the vulnerability list
- Filtering for the counts (there’s no backend for this yet)
---
## Group Security Dashboard
This one isn’t too far behind the project dashboard, but does have a few missing features that exist on the current group security dashboard. Most of these are known and were never planned to be part of the MVC
### Already have
- List
### Will have
- Filters
- Unconfigured State
### Might have
- A project filter
- Project path on the vulnerability list
### Won’t have
- Vulnerabilities over time
- Project security status
---
## Instance security dashboard
This is the furthest behind. We don’t currently have all the GraphQL endpoints we need for this, but can still develop the frontend in parallel so we’re ready for them when they do ship.
### Already have
### Will have
- List
- Filters (excluding the project filter)
- Unconfigured state
### Might have
- A project filter
- Project path on the vulnerability list
### Won’t have
- Vulnerabilities over time
- Project security status
---
## General / Vulnerability list
Just a few things that pertain to all the dashboards as they’re features on the vulnerability list.
### Don’t need?
- Pipeline status on the project dashboard
### Won’t have
- Inline linked issues on the vulnerability list (we ran out of time)
- Inline Dismissal comments on the vulnerability list
### Can’t have
- Multiple select dismissals (because we can’t dismiss from the lists any more)
## Project security dashboard
This is the most complete dashboard and a lot of what we built here can be re-used on the others.
### Already have
- List
- Filters
- Counts
- Unconfigured state
### Might have
- File path on the vulnerability list
- Filtering for the counts (there’s no backend for this yet)
---
## Group Security Dashboard
This one isn’t too far behind the project dashboard, but does have a few missing features that exist on the current group security dashboard. Most of these are known and were never planned to be part of the MVC
### Already have
- List
### Will have
- Filters
- Unconfigured State
### Might have
- A project filter
- Project path on the vulnerability list
### Won’t have
- Vulnerabilities over time
- Project security status
---
## Instance security dashboard
This is the furthest behind. We don’t currently have all the GraphQL endpoints we need for this, but can still develop the frontend in parallel so we’re ready for them when they do ship.
### Already have
### Will have
- List
- Filters (excluding the project filter)
- Unconfigured state
### Might have
- A project filter
- Project path on the vulnerability list
### Won’t have
- Vulnerabilities over time
- Project security status
---
## General / Vulnerability list
Just a few things that pertain to all the dashboards as they’re features on the vulnerability list.
### Don’t need?
- Pipeline status on the project dashboard
### Won’t have
- Inline linked issues on the vulnerability list (we ran out of time)
- Inline Dismissal comments on the vulnerability list
### Can’t have
- Multiple select dismissals (because we can’t dismiss from the lists any more)
- 1 participant
- 20 minutes
3 Apr 2020
This is a demo of GitLab's Kubernetes deployment options as well as a discussion of the implications for the Defend roadmap.
Notes: https://docs.google.com/document/d/1OTzDtRV1EOesU_dyrNAUpjibyk0gKUWP5bVrTzTmTw8/edit?usp=sharing
Notes: https://docs.google.com/document/d/1OTzDtRV1EOesU_dyrNAUpjibyk0gKUWP5bVrTzTmTw8/edit?usp=sharing
- 3 participants
- 50 minutes
2 Apr 2020
A short demo for the https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28414 implementation.
- 1 participant
- 3 minutes
1 Apr 2020
A demo of the graphQL based filtering on the project security dashboard
- 1 participant
- 3 minutes
1 Apr 2020
https://about.gitlab.com/blog/2020/04/02/security-trends-in-gitlab-hosted-projects/
Top security risks include using components with known vulnerabilities, XSS, lack of secret management, lack of CSP, CSRF, and SQLi
Top security risks include using components with known vulnerabilities, XSS, lack of secret management, lack of CSP, CSRF, and SQLi
- 1 participant
- 5 minutes
31 Mar 2020
Frontend Engineer Sam Beckham recorded this demo of the integration of our new Standalone Vulnerabilities (AKA "first class vulnerabilities") into our existing Security Dashboards.
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27820
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27820
- 1 participant
- 3 minutes
31 Mar 2020
Frontend Engineer Sam Beckham recorded this demo of the new resolution alert component created to notify a user when a vulnerability is resolved on new standalone vulnerability page
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27696
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27696
- 1 participant
- 2 minutes
23 Mar 2020
Sam has been working on the Security Dashboard Integration recently. As the task has shown to be bigger than expected, we had a talk/planning on how to divide it so that multiple people can work at the same time on different parts of it.
Here is the MR for the plan we decided to follow during this talk: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27674
Here is the MR for the plan we decided to follow during this talk: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27674
- 2 participants
- 28 minutes
17 Mar 2020
Kickoff of Container Security issues planned for the GitLab 12.10 release
https://gitlab.com/gitlab-org/gitlab/-/issues/32365
https://gitlab.com/gitlab-org/gitlab/-/issues/199268
https://gitlab.com/gitlab-org/gitlab/-/issues/199666
https://gitlab.com/gitlab-org/gitlab/-/issues/32365
https://gitlab.com/gitlab-org/gitlab/-/issues/199268
https://gitlab.com/gitlab-org/gitlab/-/issues/199666
- 1 participant
- 3 minutes
16 Mar 2020
Vulnerability Management work continues on standalone vulnerability objects.
https://about.gitlab.com/direction/defend/vulnerability_management/
https://about.gitlab.com/direction/defend/vulnerability_management/
- 1 participant
- 5 minutes
25 Feb 2020
Defend engineers working with PM to breakdown upcoming issues into components, clarify requirements, and identify work boundaries.
- 6 participants
- 30 minutes
25 Feb 2020
Defend engineers working with PM to breakdown upcoming issues into components, clarify requirements, and identify work boundaries.
- 7 participants
- 18 minutes
18 Feb 2020
Defend engineers working with PM to breakdown upcoming issues into components, clarify requirements, and identify work boundaries.
- 7 participants
- 27 minutes
17 Feb 2020
12.9 release kickoff for Threat Management covering the MVC for First Class Vulnerabilities and Exportable project-level Dashboard reports.
- 1 participant
- 8 minutes
16 Feb 2020
Senior frontend engineer Daniel Tian shares a demo of the status header created for the new standalone vulnerability page being developed in the Defend Stage.
- 1 participant
- <1 minute
12 Feb 2020
Defend engineers working with PM to breakdown upcoming issues into components, clarify requirements, and identify work boundaries.
- 7 participants
- 20 minutes
10 Feb 2020
Defend engineers working with PM to breakdown upcoming issues into components, clarify requirements, and identify work boundaries.
- 9 participants
- 32 minutes
5 Feb 2020
Defend engineers working with PM to breakdown upcoming issues into components, clarify requirements, and identify work boundaries.
- 9 participants
- 33 minutes
5 Feb 2020
Defend engineers working with PM to breakdown upcoming issues into components, clarify requirements, and identify work boundaries.
- 7 participants
- 29 minutes
4 Feb 2020
This is a demo of the new Container Network Security feature available in GitLab 12.8. The feature embeds Cilium to allow users to write NetworkPolicy rules that can restrict traffic between Kubernetes pods in a GitLab managed deployment.
- 2 participants
- 8 minutes
27 Jan 2020
Includes a demo at the beginning of the current state of first-class vulnerabilities: https://gitlab.com/gitlab-org/gitlab/issues/13561
- 6 participants
- 31 minutes
20 Jan 2020
We are hiring: https://about.gitlab.com/jobs/apply/
We defend our customers' applications and infrastructure from the ever-evolving exploitation techniques employed by those who wish to harm our customers.
Launch GitLab developed security technologies and integrate open-source projects to provide security controls for customers.
Employ security controls for our customers at the container, network, host, and application layers.
Provide features to allow customers to manage their security risks effectively and efficiently.
Defend team: https://about.gitlab.com/handbook/engineering/development/defend/
We defend our customers' applications and infrastructure from the ever-evolving exploitation techniques employed by those who wish to harm our customers.
Launch GitLab developed security technologies and integrate open-source projects to provide security controls for customers.
Employ security controls for our customers at the container, network, host, and application layers.
Provide features to allow customers to manage their security risks effectively and efficiently.
Defend team: https://about.gitlab.com/handbook/engineering/development/defend/
- 4 participants
- 5 minutes
20 Jan 2020
Demo portion of the Defend team's weekly discussion and demo of the Standalone Vulnerability MVC progress (https://gitlab.com/gitlab-org/gitlab/issues/13561)
- 7 participants
- 16 minutes
20 Jan 2020
Defend team's weekly discussion and demo of the Standalone Vulnerability MVC progress (https://gitlab.com/gitlab-org/gitlab/issues/13561)
- 7 participants
- 23 minutes
16 Jan 2020
See the new audit (listen-only) mode we're introducing as a follow up to the new Container Network Security MVC released in 12.7. This will involve another upstream contribution to the Cilium project.
- 1 participant
- 3 minutes
16 Jan 2020
We're continuing work on the First Class Vulnerabilities MVC for 12.8.
- 1 participant
- 3 minutes
17 Dec 2019
Be sure to check out the Application Infrastructure Security planning board: https://gitlab.com/groups/gitlab-org/-/boards/1420731?label_name[]=group%3A%3Aapplication%20infrastructure%20security
- 1 participant
- 7 minutes
17 Dec 2019
Be sure to check out the Threat Management planning board: https://gitlab.com/groups/gitlab-org/-/boards/1420734?&label_name[]=group%3A%3Athreat%20management
- 1 participant
- 5 minutes
17 Oct 2019
Walk through of planned priorities for 12.5 iteration of GitLab, focused on Defend stage and Secure::Static Analysis group.
- 2 participants
- 15 minutes
16 Sep 2019
Kickoff for the GitLab 12.4 release, for the Defend stage and the Static Analysis and Dynamic Analysis groups for Secure stage
- 4 participants
- 9 minutes
9 Sep 2019
Quick demo on progress for enabling Web Application Firewall for Kubernetes
Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/65192
Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/65192
- 5 participants
- 29 minutes