►
From YouTube: Threat Management Community Office Hours
Description
2020-08-28 https://gitlab.com/gitlab-org/threat-management/general/-/issues/734
Topics:
1. How to find threat insights and container security issues to work on.
2. What do the Category labels mean.
3. Getting started with Category:Vulnerability Management
A
Welcome
to
the
first
threat
management
community
office
hours.
Thank
you
so
much
for
watching
we've
got
some
people
with
us.
Today.
We've
got
in
the
in
the
threat
management
team,
savage
in
the
front
end.
We've
got
matier
with
back
end
and
we've
got
ray,
who
helps
out
with
community
what?
What?
What
area
do
you
work
in
ray
your
your.
A
B
So
I'm
in
the
community
relations
team,
so
I
work
with
mostly
code
contributors,
so
I'm
excited
excited
to
be
here.
We
we've
done
this
for
a
couple
of
other
stages,
so
this
is
awesome
so.
A
Yeah
we've
been
talking
about
this
and
it
came
from
from
alan
so
or
machia
in
terms.
What
do
you
want
to
call
him?
He's
got
an
alias,
so
I'm
gonna,
I'm
gonna,
go
through
really
quick,
so
we
can
get
to
the
good
stuff,
it's
just
some
initial
stuff
who
are
threat
management.
A
The
short
answer
is
that
we
work
on
vulnerability
management
and
we
work
in
container
security,
and
if
you
want
a
longer
answer
there
are
the
the
handbook
pages
have
have
all
the
information,
the
the
all
the
all
the
categories,
all
the
features
in
very
detail.
What
we
do,
including
the
roadmap
and
if
you're
interested,
just
ask
one
of
us.
A
Another
quick
thing
that
I
want
to
go
through
is
how
how
to
find
work.
So
if
you,
if
you're
looking
for
to
contribute,
there
are
a
couple
of
ways
that
you
can
find
it.
So
the
easiest
way
is
to
go
to
to
the
issues
section
in
in
gitlab
and
mache
is
going
to
show
you
the
the
actual
screen
in
a
minute
and
then
for
for
the
threat
insights
group,
which
is
the
which
works
with
the
vulnerability
management
category.
A
You
can
just
use
the
the
this
category
vulnerability
management
category
for
the
container
security
issues.
There
are
different.
There
are
different
category
labels,
but
they
are
all
on
the
devops
defense.
So,
if
you're
interested
in
anything
related
to
container
security,
you
can
just
use
devops
defendant
that
might
be
simpler
so
that
those
top
labels
here
allow
you
to
find
issues
on
this
topic.
A
The
the
labels
in
the
middle
here
are
things
that
we
accepting
for
for
from
contributions
for
for
from
the
community,
so
the
first
one
is
the
one
that
you
always
have
to
look
out
for
and
the
second
one
is
for
issues
that
we
have
pre-selected,
that
we
know
that
are
easier,
that
most
people
who
who
understand
the
technology
would
have
wouldn't
have
too
much
of
a
hard
time
and
ray.
Do
you
want
to
chime
in
here
in
general?
A
If,
if,
if
a
community
contributor
sees
something
that
doesn't
have
these
labels,
but
they
want
to
contribute,
they
can
just
ping
us
right.
B
Oh
yeah,
absolutely
I
mean
for
whatever
reason,
if,
if
you
don't
see
these
labels,
but
if
you're
interested
and
yeah
I
mean
we'll,
be
happy
to
work
with
contributors,
and
I
mean
it's
possible
that
some
other
gitlab
team
members
are
working
on
something.
But
you
know
even
if
there's
an
mri
like
ongoing,
for
example,
if
we
can
get
some
feedback
from
the
community
members
as
we
work
on
it,
that
that
would
be.
That
would
be.
B
A
Awesome
and
welcome
back
kev
kev
is
a
one
of
our
top
contributors
in
threat
management.
He's
done.
I
think
four
four
issues
now.
B
Yeah
I
just
I
just
saw
an
mr
that
was
merged
by
jose
like
a
few
hours
ago,
so
nice
to
meet
you
kev.
I've
been
seeing
your
mrs,
so
good
good
to
meet
you
here
on
the
call.
A
Cool
and
then,
finally,
if
you,
if
you
have
a
preference
for
front-end
or
back-end
issues,
you
can
also
use
those
labels
to
to
select
what
are
you
working
for?
What
are
you
looking
for
and
then
ray-
and
I
talked
a
little
bit
about
this,
but
if
you're
looking
for
something
to
work,
use
these
labels
to
find
an
issue.
A
Typically,
if,
if
an
issue
isn't
assigned
to
anyone,
it
means
nobody's
working
on
it
for
the
threat
management
team,
you
can
use
those
two
aliases
for
backhand
and
front-end
and
if
you're
not
sure,
doesn't
matter,
anyone
would
be
quite
happy
to
to
to
help
it
doesn't
really
matter.
If
you
get
the
wrong
team
and
in
terms
of
help
as
you're
working,
you
can
also
use
these
aliases,
but
there's
also
a
gita
channel
and
most
people
in
in
in
git
lab.
Well.
A
D
Okay,
I
hope
you
can
see
my
screen
here
and
see
that
is
great.
Okay.
So,
first
of
all
diego
you
talked
about
the
labels.
I
would
like
to
show
those
labels
in
action.
So
when
you
go
to
the
gitlab
project
and
you
apply
those
labels
to
the
issues
list,
you'll
get
something
you
can
start
working
on.
D
So,
for
example,
here
we
have
right
now,
three
front
end
issues
that
someone
can
pick
up
and
these
are
ready
for
for
for
anyone
to
start
working
on
them
so,
but
before
that,
what
you
obviously
need
to
do
is
to
somehow
set
up
your
or
your
environments
to
be
able
to
work.
So,
of
course,
you
can
still
contribute
if
you'd
like
to
fix
the
documentation.
Take
a
look
at
some
wordings.
Maybe
there's
something
you
can
improve.
That's
the
easiest
way
to
get
into
any
open
source
project.
D
Just
start
working
on
small
things
in
the
documentation,
then,
over
the
time,
take
something
bigger
from
the
development
side,
but
at
the
same
time
you
can
easily
set
up
the
gitlab
environment
in
your
local
machine
using
gitlab
development
kit.
So
the
project
is
available
for
you.
You
just
need
to
take
a
look
at
the
documentation
overview
and
getting
started
how
to
prepare
your
dependencies
and
set
up
the
whole
gdk,
it's
all
in
the
written
form
and
on
our
youtube
channel,
github
filter.
D
You
have
certain
videos
where
it
gets
you
through
the
process
of
installing
gdk
so
I'll.
I
won't
talk
about
that
today.
If
you
feel
that
it's
something
you'd
like
to
to
hear,
we
can
organize
a
separate
meeting
where
we'll
discuss
that,
maybe
with
someone
from
from
the
team
that
that
support
gdk.
D
So
once
you
have
a
issue
that
you
can
work
on,
what
we
are
trying
hard
to
do
in
our
team
is
to
make
sure
we
have
an
implementation
plan.
Implementation
plan
is
something
that
we
are
doing
during
the
refinement.
So
you
can,
you
can
see
what
was
the
idea?
D
The
issue
had
to
to
resolve
the
issue
right,
so
you
have
okay,
modify
something
here,
use
that
to
improve
something
else,
so
you
can
go
through
the
through
those
steps
and
fix
something
or
if
you
have
other
ideas,
you
can
just
take
a
look
at
those
suggestions,
but
do
something
absolutely
different:
it's
not
obligatory
to
implement
that
using
the
implementation
plan,
it's
something
that
it's
just
a
help
for
others,
so
they
can
take
a
look
and
see
if
it's,
if
it's
easy
or
not
easy
to
fix
that,
then,
if
you're
talking
about
the
code,
there
are
two
ways
to
do
it.
D
If
you
have
the
implementation
plan,
we
usually
try
to
add
either
links
to
the
source
code
or
we
are
using
like
class
names.
So,
for
example,
I
have
dashboard
projects
create
service.
So
I
can
go
to
my
virtual,
like
visual
studio,
and
I
can
I
can
do
the
same
like
dashboard
project
create
service,
and
I
I
mean
I
have
the
code.
I
can
start
working
on
this
one
and
so
on,
but
usually
you
don't
want
to
to
do
that.
You'd
like
to
take
a
look
where
it
all
starts.
D
So
I'm
in
terms
of
the
front
end
and
all
the
security
dashboards.
We
have
this
first
class
in
it
and
everything
everything
that's
actually
related
to
security.
Dashboard
will
be
here
so
ee
because
we
are
working
on
the
features
for
our
enterprise
edition
app
asset,
javascript
security,
dashboard,
and
you
have
it
here.
Okay,
I
talked
about
in
person
edition.
Maybe
I
should
talk
about
also
about
the
license
quickly.
So
ray
will
tell
you
more
about
that,
maybe
but
they're
in
the
handbook.
D
You
have
the
information,
what
to
do
if
you'd
like
to
contribute
to
the
future
that
it's
in
heathcliff
enterprise
edition
so
first
start
with
the
trial.
If
you
will
not
be
able
to
finish
your
task
within
that
30
days,
you're
you're,
of
course,
able
to
to
get
the
license
and
there's
the
whole
process
described
here
how
to
get
the
license.
B
A
D
Yep,
so
that's
about
the
license,
so
I'm
gonna
get
back
to
our
source
code,
so
yeah
here
we
have
everything
related
to
the
front-end
and
security
dashboards.
D
So
you
can
take
a
look
at
the
components,
graphql,
queries
and
stores
and
so
on,
maybe
savash
or
someone
else
would
like
to
chime
in
and
take
and
say
a
few
words
about
that.
But
if
not,
I
can
proceed
with
the
backhand
stuff.
E
D
That's
not
working
like
that
yeah
yeah!
So
in
terms
of
the
back
end,
there
are
three
ways
to
that:
we're
like
giving
our
features
available
for
end
users,
so
it's
either
internal
api
and
it's
it's
available
in
the
source
code
in
the
roots.
So
if
you
go
to
configure
security,
you'll
have
that
that's
the
entry
point
so
you'll
have
okay.
What
kind
of
controller
I
should
use
for
certain
action,
and
so
on.
So
that's
the
first
one.
Then
we
have
graphql
apis,
so,
okay,
everything!
D
So
we
have
those
controllers
here
and
we're
trying
hard
to
remove
them
over
the
time
and
move
to
graphql
only,
but
at
the
same
time
we
also
have
the
rest
api.
So
if
you're
talking
about
graphql
first,
you
go
to
graphql
and
you
have
two
options:
either
mutate
or
so
you
do
some
action
in
the
gitlab.
That
is
changing
the
state
or
you
you're
doing
queries.
So
you
either
go
to
mutations
and
you
take
a
look
at
the
instance.
D
Security
dashboard-
and
you
have
mutations
here
or
to
vulnerabilities-
and
you
have
other
mutations
here
available
available
for
you
that
are
related
to
our
work
or
you
go
to
the
types
and
here
we
have
all
types
related
to
vulnerability
if
the
task
is,
for
example,
to
extend
the
the
vulnerability
type
with
additional
fields
like
we've
recently
added
results
on
the
default
branch,
for
example,
that
was
newly
added
field.
So
so
you
just
add
field,
and
then
you
need
to
make
sure
that
this
filter
is
available
for
that
class.
A
If
that
that's
obviously
from
from
the
rail
side,
if
you're
looking
to
use
graphql
just
on
the
front
end,
I
think
you're
going
to
cover
that
as
well
right
much
here.
But
there's
you
don't
need
to
browse
the
code
to
see
the
the
api
there's.
This
handy
thing
there
graphql
explorer
and
there's
a
documentation
for
all
the
all
the
end
points
as
well.
D
Yeah
exactly
and
what's
nice,
if
we're
talking
about
graphql,
is
that
if
you
do
control
in
space
you'll
get
some
help
here.
So,
for
example,
oh
I'd
like
to
take
a
look
at
the
project
right
and
I
would
like
to
look
for
a
project
within
like
let's
be
like
this
will
be
the
project
and
so
on
and
so
on.
So
I
can.
D
I
can
get
that
I
can
get
vulnerabilities
for
the
project,
so
you
can
see
if
you're
adapted
to
using
that
it's
very
convenient
tool
that
you
can
use
to
to
get
the
idea
how
the
graphql
works
and
how
you
can
use
that
on
the
front
end
as
well,
so
we're
using
that
very
often
and
it's
a
huge
help
and
if
you'd
like
to
take
a
look
at
the
documentation
it's
available
here.
But
I
I
don't
use
it
to
be
honest,
I'm
just
using
the
the
autocompletion
that
we
have
here
and
it's
working
very
good.
D
D
E
Got
a
comment
here
for
to
have
a
look
to
example.
Queries
you
can
also
check
in
the
front
end.
Under
the
security
dash
security,
dashboard
folder
yeah,
there
is
yeah
the
graphql
folder
here
we
have
example
queries.
D
Yeah
exactly-
and
these
are
written
even
better
than
than
usually
right
in
the
graphql
api
explorer,
because
you're
using
fragments
here
so,
for
example,
this
is
the
fragment.
So
I'm
I'm
going
to
reuse
that
fragment
in
multiple
places
that
where
I'm
using
graphql
dpi,
which
is
on
the
front
end,
which
is
great
okay,
so
then
we
were,
I
was
starting.
I
started
talking
about
the
models.
This
is
where
we
all
connecting
to
the
database.
D
So
whenever
you
need
to
add
something,
modify
something
change,
validation
or
something
you
usually
end
up
here
in
the
model
and
we
don't
really
have
namespace
for
this
model,
but
anything
that
is
related
to
vulnerability.
So
you
have
these
vulnerabilities,
that's
the
one
namespace
that
we're
using,
but
most
for
the
for
the
most
part,
we're
using
vulnerability
model
that.
A
Is
here
you
could
you
could
also
have
a
look
at
the
code
owners
file
on
the
dot
gitlab.
Anything
there
prompting
pointing
to
threatening
sites
will
be.
I
think,
right
now,
there's
only
back
end
stuff,
but
if
you
look
for
threat
threatening
sides
yeah
there
you
go,
there's
the
paths
there
are
so.
A
D
That
is
great.
Okay,
thanks
for
watching
great
thank
you
and
the
last
thing,
so
we're
trying
and
we're
making
sure
that
our
board
is
up
to
date.
We
discuss
everything
in
the
issues
we
take
care
of
the
workflow
state,
so
we
really
make
sure
that
you'll
that
you'll
not
take
the
issue
that
someone
else
is
working
on
because
it
was
on
the
science
or
something
we're
really
making
sure
that
it's
all
it's
all
organized.
D
So
if
you
take
the
issue,
for
example,
let
me
take
this
one.
You
decide
that
you'd
like
to
start
working
this
one.
You
can
either
assign
it
to
yourself
and
make
some
comment
hey.
I
would
like
to
start
working
on
this
one.
Is
there
something
else
that
I
need
to
know
before
doing
that
and
if
not
then
you'll
just
change
the
the
workflow
to
to
in-depth?
So
if
you
go
here,
labels
in-depth
and
you're
good
to
go.
You'll
work
on
this.
One
you'll
create
an
mr
what's
good
about
gitlab.
D
When
you
create
an
mr,
when
you
send
the
code
through
git
to
gitlab,
you'll
get
the
automatically
generated,
link
that
you'll
just
click
and
it
will
create
for
your
mdmr
and
then
you'll
get
some
some
links.
Let
me
go
to
1mr
and
you'll
see
the
link
and
it's
really
useful.
D
E
In
the
meantime,
I
can
I
wanted
to
put
emphasis
on
picking
up
issues.
I
think
it's
super
important
if
you
pick
up
an
issue
to
assign
it
yourself,
because
recently
I've
I
had,
I
created
the
duplicate
work,
because
the
issue
was
taken
by
a
community
contributor,
but
it
was
not
assigned
to
him.
So
I
didn't
know
that
and
I
picked
I
picked
up
the
issue
so
this
this
will
help.
This
will
help
preventing
these
these
cases.
E
So
it's
extremely
important
if
you
can
assign
it
yourself
and
then
put
it
into
development
using
the
in-dev
label
that
helps
a
lot.
B
Yeah,
I
mean
just
just
one
thing,
unfortunately,
for
community
members,
unless
they're
part
of
the
core
team
they're
not
able
to
like
assign
issues
to
themselves
or
or
even
have
labels
so
yeah
yeah.
So
there
are
instances
I
mean
I
I
tried.
I
mean
not
just
myself
a
lot
of
people
try
to
assign
the
issue
to
to
the
contributor
who
started
working
on
something,
but
it's
it's
manual
so
and
then
I
mean
sometimes
I
forget
to
do
that
as
well.
B
Like
I'll,
see
an
issue
somebody's
working
on
it
and
I'll
do
my
best
to
assign
that
issue
so
that
accepting
merger
quest
label
gets
this.
You
know
it
gets
removed
and
then
there's
only
one
person
working
on
it.
But
it's
it's
not
perfect,
like
it's
one
of
the
things
that
we
should
probably
look
into
in
terms
of
automating,
but
yeah
I
mean
so.
I
think
it's
onus
is
sort
of
on
us
to
make
sure
that
that
assignment
and
labeling
is
done
for
the
contributor.
A
D
Great
great,
thank
you.
Thank
you
for
those
comments,
yeah
and
when
you
create
nmr
what's
important,
is
you
take
a
look
at
this
conformity
list?
So
what
you
need
to
make
sure
that
your
mr
is
is
written
and
the
code
is
written
according
to
some
some
rules
that
we
all
need
to
follow
in
gitlab,
so
code
review
guidelines
merge
request
if
you're
doing
anything
in
the
database.
That's
super
important
to
make
sure
that
that
you
do
everything
according
to
those
guidelines
and
styles,
and
so
on.
D
This
will
help
you
better
understand
what
we're
working
on
and
how
we're
doing
that
and
at
the
same
time,
you'll
prevent
yourself
from
getting
lots
of
comments
asking
you
to
change
something
because,
because
it
is
not
according
to
some
some
guidelines.
So
I
highly
encourage
you
reading
that.
D
If
you
want
to
read
more
about
the
whole
development
docs,
you
can
just
go
to
dogskitclap.com
and
you'll
get
the
contributor
and
development
docs,
and
you
should
have
all
the
information
that
is
needed
here,
either
for
front-end
or
for
back-end
or
working
with
gradual
api
or
anything.
So
we
try
to
we're
trying
hard
to
to
have
everything
documented,
so
it's
easier
for
you
to
to
search
through
it.
Okay,
that
was
that
was
all
I
I
have
for
today.
Thiago
is
like
that
something.
A
Yeah
one
one
thing:
we
when
we
were
talking
about
graphic
ql,
there
are
also
rest
apis
for
working
with
vulnerability
management.
Be
aware
that
the
rest
apis
for
vulnerability
management
are
in
alpha
and
we
do
prefer
the
the
graphql.
A
I
think
that
there
is
only
one
endpoint
in
rest
that
graphql
doesn't
do
around
vulnerability
findings,
but
even
that
one
we
look
into
implementing
graphql
very
soon,
so
by
all
means
go
to
that.
First
yeah.
D
Yeah,
that
is
true.
We
were
talking
about
that
just
before
the
meeting
and
then
I
forgot
to
add
it.
B
D
D
Api
as
well
now
it's
called
the
v4
api
for
vulnerabilities,
we're
we're
doing
what
we
can
to
move
all
the
functionality
that
we
initially
wrote
in
an
apis
to
graphical
apis.
So
we're
still.
D
There
are
a
few
things
that
we
need
to
improve
and
work
on
and,
on
the
front
end
we're
trying
to
limit
the
usage
of
those
api
so
we're
trying
to
make
sure
that
we're
only
using
graphql
apis,
so
so
yeah,
but
but
yeah
there's
also
api
that
you
can,
you
can
use,
or
you
can
work
on
if
there's
any
certain
issues
that
you
would
like
to
take.
A
Do
do
we
do
we
have
any
issues
to
step
through
that
we
we
would
like
to
do
or
not.
Really
I
didn't
prepare
any
it's.
Okay,
if
you
haven't
just
just
asked
in
case
safari,
I
haven't.
I
had
something
or
no
yeah,
that's
all
good
yeah
we
can.
We
can
do
that
on
on
on
the
next
one.
How
about
you
kev
any
any
comments
or
questions
having
having
done
a
few
issues,
and
I
want
to
share
what
were
some
of
the
hard
things
or
one
of
the
good
things
things
to
improve.
C
Yeah
I
had
one
thing
with
the
license:
we
were
talking
or
you
were
talking
about
it
earlier.
I
tried
to
get
it
with
the
admin
account,
but
that
didn't
work
because
it
was
the
root
example
dot
com
email.
So
I
had
to
create-
or
I
used
the
second
account
to
get
it
to
my
email
and
then
I
could
install
the
license.
C
C
C
I
would
have
what
I
found
also
pretty
helpful
was
the
guide
that
was
also,
I
think,
lindsay
care.
Did
that
it's
in
the
description
in
the
in
the
comments
of
the
office
hours
issue
of
the
current
one,
the
instructions
how
to
get
the
vulnerability
list
and
the
security
dashboard.
I
found
that
really
helpful,
because
I
was
kind
of
lost
on
that,
because
I
never
used
it
before
yeah
that.
C
D
Yeah,
that
is
great
point
we're.
We
also
have
something
in
our
road
map
to
to
make
it
even
easier
because
yeah
we
we
see
that
people
would
like
to
get
some
vulnerabilities
into
their
projects
and
either
our
contributors
that
are
not
working
with
with
our
code
or
asking
for
that,
and
we
that's
great
that
lindsay's
heard
that
yeah.
Thank
you.
Thank
you
for
that
comment.
It's
a
great
comment.
A
Yeah,
that's
a
good
idea.
We
we
have
projects
that
will
generate
vulnerabilities,
but
in
order
to
run
them
locally
you
you
need
a
runner
and
the
gitlab
run
is
one
extra
step
on
on
beyond
gdk
I
mean
the
instructions
are
all
there,
but
if,
if,
if,
if
you
can
skip
there
and
have
an
easy
way
to
load
the
data,
so
you
can
work
with
it
that
that
probably
helps
so
that's
another
thing.
We're
looking
to
do.
C
Yeah,
I
already
knew
how
to
set
up
a
runner,
but
it
was
just
like
an
extra
strap
step
and
if
you
could
do
it
without
it
to
just
seat
some
into
the
database,
that
would
be
cool
yeah
through
the
console
or.
C
A
Yeah
me
too,
and-
and
I
want
to
move
this
faq
to
to
a
more
visible
place
so
as
part
of
the
the
post
post
office
hours,
we
we're
gonna,
create
the
next
issues
for
for
the
for
the
upcoming
office
hours
and
then,
if
somebody
wants
to
to
find
when
the
next
officer
was
asked.
A
Sure
thank
you
so
the
the
office
hours
they're
booked
right
now,
it's
this
one
that
we're
having
and
there's
one
that
ray
booked
so
ray
every
everybody
who
holds
office
hours
in
gitlab.
They
use
this
label
right.
This
is
a
safe
yeah.
B
I
mean
yeah,
it's
they
should,
I
mean
sometimes
like.
I
think
we
forget.
I
think
the
package
also
has
an
office
hour
during
hackathon
next
week,
but
I
probably
forgot
to
add
that
label.
So
it's
my
bad
yeah,
I
mean
so
speaking
of
like
hackathon,
I
mean,
if
you
want
to
add
any
issues
that
you
want
people
to
work
on
during
the
hackathon
I
mean,
I
think
you
did
a.
B
I
saw
a
couple
of
front
end
issues
that
during
the
presentation
like,
if
you
want
to,
let
me
add
a
couple
of
links
here
on
the
chat
so
kevin.
I
don't
know
if
you
know
of
our
quarterly
hackathon,
but
we
have
hackathons
every
quarter.
B
The
q31
is
next
week
and
here's
also
an
issue.
Let
me
find
the
link
where
we
advertise
lists
of
issues
that
we
encourage
people
to
work
on,
and
then
we
largely
broke
it
down
into
front
end
versus
like
back
end,
but
we
also
have
the
query
that
tiago
you
showed
for
issues
good
for
new
contributors,
but
yeah
so
for
for
threat
management.
If
you
want
to
add
additional
issues
there
that
that
you
want
to
highlight,
for
the
hackathon
feel
free
to
do
that.
A
Great
any
any
questions
have
you
want
to
ask,
maybe
savage
or
mache
about
development
things
you
had
trouble
with,
since
we
we
opened
for
q
a
now
not.
C
To
put
you
on
the
spot,
if
you
don't
have
anything,
that's
yeah,
it
went
pretty
smooth
except
the
two
things
I
mentioned:
yeah
yeah.
Everything
else
is
just
working
a
bit
more
in
it
and
then
it
should
be
easier
too.
Good
hope.
C
B
Mind
my
asking
kevin
like
I
mean
what
sort
of
prompted
you
to
start
contributing,
and
how
did
you
find
issues
that
you
wanted
to
like
work
on?
I
mean
it's
like
a
standard
question
that
I
that
I
typically
ask
like
recent
contributors,
but
yeah.
If
you
don't
mind,
sharing
that
they'll
be
that'll,
be
great.
C
Yeah
sure
yeah
I
found
yeah
well,
I'm
just
gonna
quickly
start
where
I
found
gitlab
so
from
quite
a
while
ago,
when
I
was
looking
for
like
good
alternative
for
a
private
project,
and
I
had
another
alternative
or
two
other
alternatives,
but
just
the
fact
that
gitlab
was
free
was
like
also
a
private
project
was
like
huge,
which
was
not
common.
I
think,
and
then
I
really
started
to
read
into
it,
and
I
read
about
it
that
was
open
source
and
yeah
that
you're
really
transparent.
C
And
so
then,
at
some
point
like
this
month,
I
was
like
curious
and
looked
at
the
code
base
and
then
like
yeah,
maybe
maybe
I'll,
contribute
a
bit
because,
like
I
like
that,
just
everything
is
integrated
in
one
tool
and
that's
not
like
a
tool
chain
where
you
have
jenkins
and
another
source
code
management
and
yeah.
So
I
found
in
the
in
the
handbook.
C
I
think
this
in
the
community
contributions
page
there's
like
that
you
can
filter
for
accepting
merge,
requests
and
good
for
new
contributors,
and
so
I
just
searched
that
in
the
issues
list
and
yeah,
they
have
found
some
and
I
kind
yeah,
I
kind
of
had
some
fun
doing
the
thread
inside
once
so
yeah.
That's
that's
how
I
found
it.
B
That's
awesome.
I
glad
to
hear
that
the
landing
page
was
helpful,
but
great
I
mean
obviously
we
appreciate
it
and
and.
B
And
yeah
I
mean,
while
in
the
process
of
contributing
just
let
us
know,
if
there's
anything
that
we
can
do
to
make
your
lives,
make
your
life
easier.
A
Yeah
second
amazing:
well
thanks!
So
thanks
so
much
for
sharing
all
that
kevin,
it's
really
appreciated
and
ray.
Do
you
have
any
final
words?
I
if
we
don't
have
anything
else,
I'm
gonna,
I'm
gonna
close
this
half
an
hour
early.
B
No,
I
appreciate
you
setting
this
up
and
I
mean
one
of
the
reasons
why
I
wanted
to
do
this
before
the
hackathon
next
week
was,
to
I
mean,
get
this
content
available
on
obviously
on
youtube,
so
people
can
hopefully
view
it
before
the
hackathon.
I
think
you
I
mean
all
of
you
like
cover
a
lot
of
good
materials,
and
if
you
can
highlight
issues
that
you
want
to
advertise
for
the
hackathon,
I
think
there
will
be
another
way
to
get
more
contributors
involved
and
yeah.
B
Definitely
looking
forward
to
expanding
the
the
number
of
contributors
in
in
threat
management.
A
Excellent
yeah:
we
will
do
what
to
it
and
lindsay
who's.
My
colleague,
the
engineering
manager
for
front
end
she's
she's.
A
Add
some
other
we're
going
to
pre-book
all
the
events
for
the
rest
of
the
year,
so
cool?
Also
people
can
book.
Can
you
know,
plan
plan
to
attend
and
and
also
ask
questions
somebody's
having
any
tricky
trick,
issues
that
they're
working
on
or
trouble
with
anything
we
love
to
do
some
screen
share
and
just
some
live
hacking
yeah.