From YouTube: GitLab 12.10 Kickoff - Defend:Threat Insights
Description
Vulnerability Management work continues on standalone vulnerability objects.
https://about.gitlab.com/direction/defend/vulnerability_management/
A
Hey folks, Matt Wilson, senior product manager for Defend and the Threat Insights group. If you've been following these videos for a while, Threat Insights, that may sound a little bit different. We have recently tweaked some of the group names and shuffled things around a little bit on the Defend, as well as the Secure side. So what was Threat Management before is equally named Threat Insights going forward, so that still includes the vulnerability management work we're going to talk about here, as well as the UEBA work and responsible disclosure.
A
So, as you can see, this is probably similar to what we've been looking at for X in the last few of these videos, and the bulk of the work is still this MVC for standalone vulnerability objects. I'm not gonna go into details. We've talked about this for the last several of these. I just want to reiterate: this is a, it's a very large effort, which is why you'll see that we've been working on this for several iterations, and this is not typically the way that we would iterate and put something out.
A
But this is a, it's a big, kind of an all-or-none project, so we're fundamentally redoing how we track vulnerability findings and the vulnerabilities in the system. They're going to be their own first-class objects, if you will, so you can interact with them like you would an issue. So they'll have their own page, they could be independently linked to, you can link them to other objects in the system, like issues, etc. The reason this is so challenging to do in a small increment is it requires redoing the functionality underlying all of the security dashboards.
A
So that's the project level, as well as the new instance level dashboards, the pipeline security widgets, and then building out the new functionality itself. All this is sitting behind a feature flag, and as soon as we are ready, we'll be able to pull the feature flag off. Part of this is also the migration of the existing findings.
A
It's a ton of work. It's a lot of technical and API work, as well as on the front end. So far when we have 27 different linked issues, and this is not typical of what you would see, but we've got a lot of them. You can kind of see her or closed out, and so far we've had 26 MRs against it. So it's just a huge piece of work. The team is really excited about it.
A
I know it's been taking a long time, but we're going to push really hard and try to get this across the finish line for 12.10. I called out last time, this is another thing I just wanted to make a quick mention of. So the other big direction piece, which is directly behind it and also dependent on getting this first-class vulnerability object, or standalone vulnerability object, work done, are these project level exportable security reports. I just found this last time again. Normally we wouldn't talk about it.
A
This is a stretch item, so this means this is something the team is actively working on, but we don't have full confidence that the capacity, team capacity, is gonna be able to deliver it in this release. But this is, I just want to point out, it's still kind of top of the list behind the standalone vulnerability work, and we're gonna try to get a lot of the back end pieces in place now that the standalone vulnerability object framework is there.
A
So, that's it. Not a whole lot of change since last time, but we've got these two major things that you saw in the 12.9. We're going to continue those for 12.10, and we have or companies that we're going to be able to get that to a spot where we can release it, and everyone will get to see the product of several months' worth of very hard work by the team. So thank you and enjoy.