►
From YouTube: Kubernetes SIG Security Tooling 20220104
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
B
Yeah
so
actually
like,
as
we
discussed
when
we
met
last
time
on
that
the
cve
task
right
so
I've
I
mean
I
made
few
progress
on
that
task.
B
Yeah,
I
think
oh
yeah,
you
can
give
me
the
permission.
Okay,
try.
A
A
B
So,
as
we
discussed
on
that
task
or
on
the
six
security,
let
me
just
open
that
task.
B
So
there
were
couple
of
tasks
which
we,
which
I
needed
to
work
on
like
this,
generating
the
json
document
project
in
the
user
task.
So
mostly,
I
have
spent
time
and
oh
yeah
and
also
on
the
cake,
kp
or
like
app.
We
we
wanted
to
work
on
the
cap
as
well
to
just
highlight
this.
Whatever
work
we
are
doing
so,
I
have
worked
on
the
like
bit
on
the
json
document
and
also
I
worked
with
the
team
on
the
user
task.
B
So
I
I'll
explain
what
so
I
made
progress
on
the
user
task
and
it's
almost
done.
The
only
thing
pending
is.
We
need
to
decide
like.
Let
me
show
you
what
we
have
done
there.
So
if
you
see
so,
this
page
was
only
having
this
link
right.
It
was
not
having
this
table
right.
A
B
Yeah,
so
we
have
made
the
code
changes,
so
this
is
how
it
will
populate
the
data
in
this
page.
C
B
B
Yeah,
so
this
is,
I
mean,
thank
you
team
and
you
guys
helping.
This
is
so
team
help
me
like
in.
I
just
created
the
pr
also
on
the
website,
kubernetes
website
yeah.
So
if
we
click
on
this,
it
leads
you
to
the
cv,
details
page.
B
B
A
B
That
it
is
consumed
in
my
code
right
like
if
you
see
in
the
kubernetes
website,
there
is
a
file
which
have
created
html
right
and
this
this
just
populates
that
data
which
we
see
in
the
kubernetes
dock
right.
So
actually,
I
need
one
json
document
which
should
be
hosted
remote.
It
can
be
anywhere,
so
the
doubt
is
where
it
can
very
very
it
should
be.
It
should
not.
If,
obviously
it
will
not
on
my
data
right,
so
it
should
be
like
where
it
where
it
will
come
from.
I
need
idea
on
that.
A
Yes,
I
I
yes
so
looks
like.
We
need
two
three
steps
to.
A
What
I
was
thinking
is
what,
if
there
is
like
a
job
that
runs
and
does
the
query
with
the
filter
we
have
on
the
label
and
using
that
it
will
create
this
json
dock
once
this
json
dock
is
created
now
the
only
missing
piece
is:
how
does
hugo
consume
the
json
doc
once
so?
If,
if
there
is
a
way
to
update
the
website
page
based.
B
B
Okay,
okay,
yeah,
so
that
thing
I
think
I
might
ask
him
once
because
he
might
have
idea
on
that
because
he
just
wanted
like
so
the
queries
we
had
was
like
where
this
json
will
come
from
and
that
part
I
will
sort
out
with
team.
Maybe
maybe
I'll
ask
him
once
on
that?
Let's
see.
C
A
Right
right,
if
there
is
I'll,
also
try
to
find
if
there
is
a
project
and
savita
tommy.
If
you
know
please
comment
if
there
is
a
pro
job
that
has
a
similar
kind
of
behavior,
where,
after
the
job
is
created,
some
kind
of
a
document
or
text
file
or
something
is
created
that
is
then
accessible
after
the
job
is
complete.
B
A
Right
now,
I'm
thinking
we
could
host
it
on
six
security,
tooling
fold
directory
inside
our
k6
security
repo,
but
I
will
will
encounter
all
the
approvals
and
reviews
that
would
need
to
be
manual.
So
I
think
updating
it
periodically
without
somebody
needing
to
approve
would
be
wouldn't
be
possible
in
that
case,
so
some
other
place
where
it
is,
it
can
be
hosted
and
refreshed
might
be
best.
B
Okay,
yeah
yeah
makes
sense
so
yeah.
Let's
I
mean
this
point
I'll
note
down
like
just
the
json
document
part
the
pro
job
thing
like
this
will
be
taken
care
in
the
pro
job,
also
like
whenever
I
will
start
with
this
work.
So
apart
from
that
is,
I
am
okay,
so
do
does
this
json
looks
okay,
I
mean
like
it
has
cv
id
cv,
url
number
summary
issue
url
and
google
group
url.
We
are
not
using
this
google
group
url,
but
I
have
just
kept
it.
Yeah.
A
Yeah
yeah.
No,
I
think
the
the
overall
table
format
looks
good
to
me.
Okay,
only
thing
I
was
wondering
is
for
the
cva
link.
Is
there
a
similar
link?
We
can
use
for
this
website
cva
details.com,
because
that's
the
one.
I
typically
find
the
scanners
and
other
things
other
places
using
and
using
that
if
there
is
a
way
to
get
the
cv
id.
Similarly,.
B
Okay,
so
you
want
this
link
to
be
which
any
any
different,
url
yeah.
B
C
A
C
A
B
Sure
sure
yeah,
so
that
change
I'll
do
and
yeah
I'm
working
on
the
automation,
also
like
creating
one
shell
script,
which
will
generate
this
json
document
right
because
we
already
have
like
done
all
this
work
using
github
api.
So
just.
C
B
A
B
C
A
B
B
Sure
sure
yeah
and
the
one
thing
is
like
this
label
issue
I
mean
I
don't
have
access.
I
think
it's
restricted
right.
Yes,
so
I
mean
I
can
use
some
other
authentication
token
or
I
means
for
this
call.
A
The
issues
labeling
or
the
issues
is
so
for
the
past
issues.
It's
already
done
the
future
issues.
What
tabby
did
was
for
the
src
guideline
anytime,
a
new
cva
needs
to
be
announced.
They
have
added
in
their
template
to
add
this
label
automatically.
A
B
Okay,
okay,
got
it
got
it
yeah,
then
then,
then
it's
fine,
yeah
and
and
yeah
and
the
one
more
last
thing
is
like
I
have
written
the
draft
cap.
Also,
maybe
you
can
I
mean
it's
very
I
mean
you
can
just
go
through
it
and
make
changes
or
just
let
me
know
what
we
can.
How
can
we?
How
can
we
improve
it
right?
It's.
A
Yeah,
let's
share
with
everyone
and
it's
fine,
I
think
every
even
if
it's
draft
or
early
just
mention
that,
so
that
people
know
how
what
to
look
at
and
what
level
to
look
at.
A
B
B
A
I
think
the
one
I
shared
earlier
was
a
template.
So
if
you
go
to
that
and
say
make
a
copy,
then
it
will
create
a
new
document
and
then
you
can
put
your
stuff
that
you
have
in
that
one.
A
Okay,
and
maybe
we
can
say
like
comment
if
you
permission,
could
be
comment
if
you
have
a
link
so
that
people
can't
edit
it
just
by
themselves
so
people,
but
people
are
going
to
suggest
so
that
will
work
out.
B
A
C
A
Change
to
anyone
using
the
link,
so
it
will
be
accessible
to
everyone
on
slack
that
way,
and
here
it
will
say,
viewer
right,
so
just
change
from
viewer
to
commenter
editor
will
it's
up
to
you.
If
you
want
editor.
Basically,
anyone
with
the
link
can
start
editing
it
and
we
wouldn't
be
able
to
kind
of
look
at
specific
updates.
People
make
commenter.
C
C
A
Yeah,
okay
sounds
good,
looks
like
we've
made
a
lot
of
progress.
Thank
you
for
working
on
this.
While
I
was
away
just
one
or
two
main
questions
looks
like
open
and
then
we
are
good
to
go.
A
All
right,
cool,
okay,
while
I
was
away,
looks
like
when
I
also
joined
you
like
welcome
anything
you
want
to
discuss
or
just
listening
in.
Let
us
know.
D
I
was
just
listening
in,
but
quick
update
is
that
the
cube
atm
we
are
actually
making
moving.
The
cube,
am
rootless
changes
to
beta
and
also
I'm
starting
to
track.
The
progress
of
the
username
space
is
kept
because
I
think
it's
going
to
go
in
alpha.
A
lot
of
people
think
it's.
It
is
the
it
is
going
to
solve
all
the
problems,
but
not
in
its
alpha
state
because,
like
it
doesn't
like
anytime,
I
talk
about
any
security
thing.
They're
like
oh
wait.
D
We
should
wait
for
user
name
spaces,
which
is
great,
I'm
all
for
it,
but
I
think
right
now,
the
the
way
it's
being
implemented
is
they're
not
going
to
handle
any
container
that
mounts
like
any
persistent
volume.
So
it's
good
for
a
lot
of
very
simple
containers,
but
not
some
of
the
use
cases
that
I'm
very
interested
in,
but
I
think
it's
a
good
move
and
I
think
we
here
should
start
tracking
it
as
well.
D
If
we
can,
in
terms
of
like
making
sure
that
it
goes
to
beta
with
where
it
can
like
serve
every
container.
Hopefully,
yes,
so
yeah,
I'm
starting
to
like
start
tracking
that
work.
A
Awesome
yeah,
I'm
very
excited
to
hear
both
updates
and
yeah.
Let
us
know
if
we
can
help
in
reviewing
adding
code
writing
documentation,
making
this
more
popular
and
sharing
it
with
others
in
any
way
or
form.
Let
us
know
we'll
be
happy
to
help.
You
sounds
good,
we'll
do!
A
Okay,
while,
while
we
are
here
appreciate
if
nia
vinayak,
you
can
also
add
your
name
on
the
meeting
minutes,
so
we
just
have
a
track
of
who
joined
what
we
discussed,
etc.
A
A
More
on
topic:
oh
okay,
okay
I'll
cover
one
small
topic,
which
is
potential
opportunity
to
contribute
for
someone
who
may
not
have
done
a
lot
and
then
we
can
cover
yours.
We
have
about
20
minutes
or
so
so
we
might
be
able
to
cover
both.
So
now
maybe
question
for
you.
I
remember
we
added
before
I
left
the
build
time.
A
B
Yeah
yeah,
let
me
just
do
that
I'll,
create
I'll
update
you
in
this
by
the
end
of
this
week,
yeah.
A
Maybe
this
is
an
opportunity
for
you
to
kind
of
help
out
somebody
who
wants
to
contribute
but
doesn't
know
what
to
do
by
creating
or
kind
of
helping
them
through
this
task
of
writing
this
documentation,
because
we
have
a
good
template
of
what
to
expect
in
the
build
time,
dependency
doc,
and
you
know
it
end
to
end
how
container
image
scanning
works.
So
with
both
those
things.
A
If
you
are
willing,
you
could
help
out
someone
make
their
first
contribution.
B
A
Okay
cool
in
anyone
in
the
call
who
wants
to
take
the
first
digs
at
this.
C
I
can
only
help
out
just
kind
of
get
the
idea
of
what's
required
and
I
can
definitely
chip
in.
A
Yeah,
okay,
great
thanks
glad
to
hear
that
tommy.
So
maybe
I'll
quickly
go
through
how
the
other
doc
looks
like
today,
and
that
will
probably
give
you
an
idea
about
what
to
expect
what
would
be
the
scope
and
then
nia
will
obviously
be
able
to
help
out,
and
you
can
also
get
a
chance
of
how
much
time
commitment
it
would
look
be
like.
So
let
me
quickly
share
my
screen.
A
A
So
this
is
the
readme
of
what
we
have
done
so
far
and
some
details
about
it.
So
we
have
two
jobs
today:
running
that
scan
for
build
time,
dependencies
and
container
image
that
are
part
of
every
kubernetes
release
and
the
scanning
exists.
It
runs
as
a
pro
job,
etc.
But
a
lot
of
details
about
how
it
does
run
is
only
was
only
in
the
heads
of
me
and
neha
and
a
few
others.
A
So
we
thought,
let's
document
what
we
have
done
for
one
like,
so
I
did
one
for
build
time
dependencies,
which
is
this
where
we
explain
how
it
actually
works,
how
you
can
run
it
locally
and
how
you
can
run
it
as
part
of
kubernetes
kubernetes
test
grade
and
then
what
are
the
filters
we
have
applied
to
get
this
working
and
then
this
is
an
example
of
how
it
actually
looks
like
in
terms
of
the
result.
A
So
what
we
don't
have
today
is
similar
dock
for
container
image
scanning,
and
this
is
what
neha
had
actually
implemented
and
what
we
were
hoping
is
now
we
can
create
a
similar
dock
for
that,
like
we
have
for
build
time
dependencies.
So
that's
really
basically
learning
from
going
through
some
pro
jobs.
What
we
have
been
doing
and
writing
a
single
markdown.
Just
like
this
one
for
continuing
scanning.
I
think
that
would
be
the
overall
scope
for
this
task.
C
Yeah,
it's
awesome.
It
seems
pretty
straightforward
if
I
can
wrap
my
head
around
how
it
works.
It'd
be
great.
A
B
A
Okay
cool,
so
why
maybe
I
can
suggest
both
of
you
to
start
a
thread
or
yeah.
You
can
start
a
thread
on
our
slack
channel
and
kind
of
explain
what
needs
to
be
done.
Ideally,
if
we
can
create
an
issue
with
the
details
of
what
is
expected,
what
needs
to
be
written
that
you
create
nia?
That
would
be
great
and
then
tommy
for
you.
A
It
will
be
basically
looking
at
the
issue
asking
some
questions
and
then
one
of
us
who
is
a
member
unless
you're
also
a
member,
can
assign
it
to
yourself
or
we
can
assign
it
to
you
that
issue,
and
then
you
can
start
a
pr
and
any
one
of
us
can
help
you
out
with
creating
a
pr
finding
the
right
place,
etc.
For
it.
Does
it
sound
like
a
good
next
step?
A
Sounds
perfect?
Yes,
okay,
okay,
cool
all
right!
So
look
forward
to
that
nia
tommy!
Let
me
know
if
I
can
help
out
but
looks
like
both
of
you
should
be
able
to
get
get
it
working.
B
A
Okay,
cool,
so
that
that
is
great,
we
have,
we
will
be
able
to
actually
have
a
full
complete
documentation
of
both
the
jobs
after
that,
and
I
think
it
will
be
a
very
good
end-to-end
story
of
what
the
tooling
group
has
really
done
in
the
last
one
year
or
so
next
topic
I
had
in
mind,
was
related
to
one
of
the
jobs
that
are
failing.
Nia,
you
might
be
aware
of
that.
There
is,
there
is
a
continuity,
transitive
dependency
bump.
A
And
that's
actually
failing
the
job
and
the
way
we
have
written
it.
It
will
fail
until
that
one
is
fixed
and
not
check
for
other
vulnerabilities.
A
So
one
of
the
things
I
was
thinking
was,
we
probably
need
some
kind
of
an
allow
list
for
our
jobs
in
future,
where
any
time
any
time
we
have
something
like
this,
which
is
a
work
in
progress
and
it's
it
is
a
known
issue
and
we're
fixing
it,
but
just
waiting
for,
in
this
case,
ci
divisor
to
release
a
new
minor
version
or
a
patch
version.
We
just
say
we
are
aware
of
this.
A
B
Hey
yeah,
I
mean
this
idea
looks
good
because,
because
right
now,
like
I
saw
today,
the
job
is
still
feeling
yeah.
So
it
is
the
same
reason
like
so
we
we
don't
want
the
job
to
fail.
If
there
is
any
dependencies
or
for
any
fix
to
be
released
right
right.
A
B
Okay,
and
do
you
know
like
how
to
add
that-
and
I
mean
I
mean
we:
can
we
can
research
on
that
like
how
to
add
the
loud
list,
how
to
work.
A
On
that
yeah,
my
my
thinking
was
one
one
way
could
be
adding
the
allow
list
outside
of
pro
or
the
other
way
would
be
adding
the
allow
list
as
part
of
pro
job.
So
it
covers,
goes
through
all
the
code
reviews
and
everything
else
which
which
might
not
be
a
bad
idea,
because
we
would
need
code
reviews
anyway,
in
terms
of,
are
we
not
adding
something
in
allow
list
with
maliciously
or
by
mistake
when
we
shouldn't
really
be
adding
it?
A
So
from
that
perspective,
it
might
make
sense
to
just
keep
it
as
part
of
code
where
the
allow
list
is
also
code
that
we
check
in
and
when
it
is
fixed.
We
remove
it
or
things
like
that.
B
Okay,
okay,
do
we
have
any
sample
which
is
already
implemented
like
I.
A
A
Yeah
good
call
so
like
are
you
thinking
like
if,
once
the
tracking
issue
is
closed,
can
we
remove
that
yeah?
I
think
that's
a
good
point.
Maybe
I'm
almost
thinking
now
it
could
be
based
on
labels
where
we
say
this
is
a
known
issue
and
we
query
for
anything
that
is
known
and
based
on
that
we
use
github
issues
themselves
as
allow
list
instead
of
creating
our
own
list.
So
yeah
lots.
A
Yeah
yeah,
exactly
okay
cool
all
right.
We
have
about
10
12
20
to
13
minutes
more,
we
neck.
Let's
talk
about
what
you
want
to
talk
about
and
if
we
don't
finish,
we
can
always
talk
again
in
our
larger
security
meeting
as
well.
D
Sure
yeah
so
there's
a
lot
of
like
monitoring
agents
right
like
like
data
dogs
agent,
I
think,
is
one
that
comes
to
mind
right
and,
like
I
think,
even
even
what's
the
other
one
what's
follow,
all
those
ones
called,
I
think,
there's
they.
D
Whatever
their
components,
yeah
thank
you,
there's
a
bunch
of
them
and
like,
and
I
think
all
of
them
mount
like
the
container
socket
right
like
they
mount
the
container
socket
and
by
that,
like
anything
that
mounts
a
container
socket,
they
become
like
root
just
because
like
if
somebody
can
get
access
to
that
container.
Even
if
their
container
isn't
running
as
root,
you
can
create
like
privileged
containers,
left
right
and
center,
and
so
at
least
in
google.
We
consider
that
to
be
like
okay.
D
This
is
like
super
highly
privileged
and
I've
been
thinking
of
ways
of
how
we
can
like
get
rid
of
that,
and
I
looked
at
like
the
calls
that
these
agents
make,
and
most
of
these
are
they're.
My
read
calls
right.
D
None
of
these
agents
like
actually
modify
anything
like
by
modify,
I
mean
like
if,
if,
if
we
have
to
talk
in
terms
of
like
rest
methods
like
all
of
them,
are
get
operations
right,
nothing
is
like
a
post
operation,
usually,
and
so
in
docker,
like
you,
can
kind
of
do
something
where
you
can
add
like
a
odd
z
plug
in
and
then
it
can
reject
requests,
but
container
doesn't
really
support
that
a
lot
of
the
times
because,
like
I
think,
each
plugin
is
per
service
right
and
it
actually
overrides
that
existing
service
and
that's
not
what
we
want
to
do
in
continuity.
D
So
I've
been
thinking
about
like
adding
a
setting
to
continuity,
where
it
runs
this,
like
transparent,
grpc
proxy
in
front
of
like
its
apis
and
has
a
list
of
like
methods
that,
like
we
kind
of
work
with
continually
to
say
like
okay,
these
are
safe
and
a
method
that
would
be
safe
would
be
like
list
containers
or
like
list
images.
Whereas
a
method
we
could
say
is
unsafe
is
like
create
a
container
and
or
pull
an
image
or
get
get
image
secrets
or
whatever
and
so
yeah.
D
I'm
writing
thoughts
down
and
kind
of
want
to
introduce
that
to
continuity.
I
think
it
it'll
be
a
good
win
for
us
as
well.
Just
because,
like
a
lot
of
us,
run
these
agents
in
in
our
like
or
offer
them
as
like
third
party
containers,
you
can
run
in
our
environment.
So
yeah
I've
been
thinking
about
that
and
kind
of
running.
That
idea
by
as
many
people
in
security
as
possible,.
A
D
Yes,
I
have
like
a
working
prototype
where
I
wrote
a
transparent,
grpc
proxy.
There
was
luckily
somebody
wrote
one
for
so
I
I
didn't
have
to
write
my
own,
so
yeah,
but
but
like
I
can
run
my
own,
but
I
think
that
doesn't
solve
the
larger
problem.
The
larger
problem
is
like
addressing
it
in
continuity,
and
I
haven't
been
able
to
recognize
a
forum
where
continuity
does
large
discussions
like
these
or
security
discussions.
D
So
if
anybody
knows
how
to
introduce
this
into
because
I
know
a
few
folks
in
continuity
from
the
amin
capabilities
work,
but
I
want
to
send
out
like
the
equivalent
of
cap
in
in
container
d,
yeah
yeah.
A
My
guess
would
be
folks
who
are
able
to
or
closer
to
continuity
than
some
of
us
here
would
be
in
sig,
node
or
sig
architecture,
so
it
might
make
sense
to
also
hop
onto
their
meeting
and
see
if
they
have
any
idea
about.
Is
there
a
cape
equivalent
for
container
d?
They
might
also
ask
why
don't
we
do
this
in
cri
spec
itself,
instead
of
container
and
time
specific
implementation?
So
might.
C
D
So
like
when
somebody
mounts
like
the
docker
socket,
they
kind
of
use
the
docker
client
in
that
case
right
right,
at
least
that's
what
I've
seen
like.
There's
versions
of
these
things
that
have
like
both
and
then
they
can
like
work
with,
whichever
one
they
have
but
yeah.
We
could
probably
I'm
not
sure
this
idea
is
not
super
mature
right,
so
it
will
also
mature
when
I
get
inputs
from
like
people
who
actually
work
in
continuity
to
see
how
feasible
it
is
yeah
but
yeah.
A
I
I
want
to
so
definitely
support
that
look
looking
forward
to
how
this
progresses.
If
you
don't
get
any
kind
of
insights
or
tips
on
who
to
reach
out
what
to
do
next,
I
know
a
few
maintainers.
I
can
drop
a
note
and
check
and
see
where
this
goes.
A
My
only
thinking
behind
this
in
terms
of
like,
obviously
this
is
this-
will
mature
a
bit
more
in
terms
of
idea
as
well
is
there
are
some
security
monitoring
agents
as
well,
which
sometimes
need
higher
privileges,
because
they
want
to
do
some
level
of
automated
mitigation
or
want
to
stop
something
from
happening
before
it
happens,
so
I've
seen
in
places,
people
have
used,
kill
commands
for
containers
or
equivalent
for
other
runtimes
where
they
are
like.
Oh,
I
know
this
container
is
vulnerable,
I'm
going
to
kill
it.
So,
in
those
cases.
C
A
D
They
like
we
can
pretty
much
do
anything
like
like
the
ideal
way
would
be
to
like,
have
a
socket
and
then
have
like
a
bunch
of,
or
have
like
a
bunch
of
different
sockets
that
are
served
by
the
same
client
to
say
like
oh,
if
you're
doing
this
like
then
mount
this
one
and
like
we'll
give
you
these
are
the
permissions
that
this
socket
has
and
like
these
are.
These
are
the
these.
Are
the
apis
you're
allowed
to
make,
and
then
the
user
can
kind
of
configure
it
as
they
please,
but
yeah.
C
D
We
had
a
ways
away
from
that,
but
like
yeah,
that
that
would
be
the
ideal
case,
but
you
you
can
solve
that
by
like
making
it
user
configurable
to
say,
like
oh
yeah.
These
uids
are
fine
to
make
this
call
and
stuff
like
that.
Correct,
correct,
yeah,
good,
good,
good
points,
though
I'm
gonna
write
these
down.
Thank.
A
You
no
worries
yeah,
I'm
I'm
definitely
would
be
happier
if
this
exists
sometime
in
future,
and
hopefully
people
might
have
done
something
similar
in
the
past,
which,
once
you
bring
this
up,
might
say:
hey,
you
know
what
somebody
who
did
this
and
that
and
we
didn't
go
far
so
maybe
it's
time
to
bring
it
up
and
maybe
some
of
the
work
that
you're
planning
to
do
might
get
accelerated.
Because
of
that.
So
that's
my
hope.
A
D
Yeah
cool,
I
I'll,
let
you
know
I'll
go
to
the
sig
node
meeting.
Like
you
said
yeah.
I
know
there's
a
few
people
who
come
there
from
container
d,
so
I
might
be
able
to
get
them
to
look
at
it.
A
Yeah,
okay
sounds
good
all
right
anything
else
from
anyone.
We
discussed
a
lot
of
things.
So
let
me
summarize
I'll
put
quick
notes
also
in
in
the
meeting
minutes
later.
Also,
if
you
want
to
put
the
notes
as
well
in
the
meeting
minutes,
feel
free,
because
I
will
probably
forget
something
so
we
discussed
first
nia's
topic
on
cva
list
so
looks
like
we
have
a
json
doc
that
works
with
static
data.
Now
the
idea
is,
how
can
we
ingest
the
dynamic
data?
A
How
can
we
create
a
pro
job
that
creates
that
dynamic
data
and
the
main
question
is:
where
does
this
json
doc
host
and
where
can
we
host
it
and
how
and
what
would
be
the
right
place
to
host
it?
So
that's
one
open
topic
we
are
going
to
discuss
there
is
a
cape
draft.
Nia
also
has
on
this,
which
she's
gonna
share
with
everyone,
and
then
we
can
start
discussing
more
on
that
third
thing.
A
I
think
tommy
and
they
are
gonna
work
on
a
new
pr
for
container
image
scanning
documentation
for
a
job
that
already
exists,
but
there
isn't
any
real
documentation
on
how
it
works.
What
is
going
on,
etc
in
that,
and
then
we
discussed
about
an
allow
list
feature
where
I
have
to
create
an
issue
to
explain
a
bit
about
it
in
terms
of
if
there
is
a
tracking
issue
on
github,
but
the
it
is
not
fixed.
A
Is
there
a
way
for
us
to
kind
of
remember
that
and
not
let
the
job
fail
and
the
fifth
one
was
creating
some
level
of
feature
in
container
and
times
from
vinayak
about
allowing
some
calls
when
a
socket
is
mounted
versus
and
disallowing
others,
which
might
be
more
privileged
than
of
than
few,
like
only
allowing
read
calls
and
rejecting
any
right
calls
purely
from
rest
api
perspective.
A
So
that's
that's.
I
think
my
summary,
let
me
know
if
I
missed
anything,
feel
free
to
add
in
the
notes
or
hit
us
up
on
slack
and
if
not,
if
nothing
else
see
you
again
in
a
couple
of
weeks
or
in
our
largest
security
meeting,
so
I'll
see
you
then
all
right
see
you
later
bye.
Take
care.