From YouTube: Kubernetes SIG Security Tooling 20221011
B: So what I was thinking is, it's been a while since we published the first version of KEP-3203, the CVE feed, so the idea was, let's see what feedback we have gotten so far and create a plan for what we should be doing next, and how that can allow other people to contribute to making those features a reality.

B: So I'll start sharing, but if you have an agenda item you want to discuss, we can do that earlier than this discussion too.

A: You were in... last time I saw you I think it was a security meeting. You were outside, right, like in the bar or something, you had like connection issues, right? Yeah.

A: It looks amazing, like it looked luxurious, crazy, yeah.

B: Perfect, so if I look at this, what I see so far is.
B: We're good with alpha, and in this current issue I've been trying to track all the feature requests that people are coming up with since, I think, August, all of September and a little bit of October.

B: So let's see. One of the things I heard multiple times was: can we have an RSS feed that will allow us to integrate it with, like, Slack and other things? So if a new CVE comes up, we get a Slack message from our bot that shows up like, hey, this is the new CVE, you should look at it. So that seems like a good thing to handle. I have to figure out how to actually implement it.

B: I saw a few things in the K8s website which were using RSS feed already, so I'm thinking of trying to explore that. Then supporting similar feeds, I think it's not really something our SIG would be able to do, but it's probably worth bringing it up in CNCF TAG Security, so they have a meeting I believe tomorrow.

B: So I will try to bring that up and see if people have any interest in that. Let's see, the rest of it is: include metadata about guarantees of freshness, ingestion, feed, prow job link and last updated date. I think that seems reasonable, and this is somewhat related to this one: include a timestamp field to indicate when a CVE is added to a feed.

B: The field is also necessary when the CVE is added to the feed, and there is no last time, so it's interesting to see if it is actually updated. Okay. So this will tell, like, when the CVE item was added last time for the timestamp field, and this one will be when the feed was updated last time.
A: Yeah, and did you see that it talks about like the RSS 2.0 standard in the first message? Oh apparently, there is some stuff, this one, yeah. Maybe we can make like a... I don't know where this is and.

A: Yeah, maybe the... I don't know, I don't really know how Hugo is actually implementing RSS, so I'm not sure again, like.

B: So probably worth doing both, maybe for now those two fields, maybe prow job as well. So one of the reasons I thought prow job would be useful is the feed won't be updated if the prow job is failing, and people wouldn't know whether the feed is not updated because there was no new CVE or because the prow job was failing. So we can have both of those pieces of information, and then at least somebody will know or notice it, and hopefully let us know, and then we can fix it.

B: If the GitHub issue timestamp is something we can pull in, we can say like we will sort it based on that for the table and JSON. We won't give any guarantees for sorting, probably, because I don't think JSON will anyway... any parsers, also I don't think they have any guarantees for sort, so we will just keep it as is, but for the table. So let's open that, I mean, it's easier to discuss that way.
B: Yeah, you're probably right, because the last CVE that shows here is 2017 and the newest one is showing up at the top, so yeah, it might be preserved already. And let's see, if we look here on the table, I think it's sorted by CVE ID. So this is somewhat correct, but the only nuance here is the CVE IDs are not sequential, so some CVE ID might be greater in value, but they might have been published earlier than the other one. So that is the only catch.

B: Yeah, okay, that's a good idea! So let's do that. Okay, so what else is remaining? So we discussed OSV format. I think we'll need to figure out some things, so... and this one, and there was another comment from.

C: Oh, I didn't know, from Carol.

B: Yeah, so OSV looks like a format that Google is using for managing vulnerabilities, and if you notice, right, there are a lot of other metadata fields they expect. So from what I saw: fixed versions, vulnerable versions, mitigations, etc. I don't think we have a nice, clean way to get that today with the GitHub issues, because most of it is described in text. There is no specific field for it, and that's similar to what Carol had mentioned in one of the comments.

B: Yeah, and even if we end up doing this for existing CVEs, I think for the future, how do we kind of automate that? That's going to be the challenge, where it can be picked up from next. Maybe some level of natural language processing, where we try to understand from the issue description whether we are able to pick up the stuff that is needed or not, but yeah. Okay, this is, I think, useful, important, but going to have kind of a high estimate for work.
B: Others seem doable, seem reasonable. This was one of the things I was hoping somebody can pick up outside of our SIG: tweet automation. So the suggestion I heard from folks was, anytime a new CVE is added in the feed, can the k8s contributors handle tweet it out saying this is a new CVE, please look at the issue description for more details. I think that even that much is good enough, and for that, when I was looking at their website or repo, so kubernetes.

C: I think that is, let's see.

B: Yes, okay, so here I noticed they have some level of automation for tweets.

C: Okay, let's do this. Okay, so let's see if I can match this login and stuff.

B: Yeah, so see here, I see this where they have a tweets folder, and in that basically it's like adding a new tweet file via automation. So let's look at one of them, and it's there.

B: Okay, there is a pull request, so this PR is auto-generated, so they're using some sort of integration for it, and what changes is basically one file gets added.

A: Nice, and maybe you can click on the GitHub, no data.

A: Apparently, twitter-together is something where you put like .tweet files in the folder and it just tweets it with like the account of.

B: Okay, so "provide that... tweet content between the commented colons, documentation is the go-to source for tweet content." Let this exceeding... oh, thanks.

B: Okay, so that's a good point, hello! Okay, so this is not bad. This could be doable, might require some more work than others. So now we have a good list, though, in terms of what would require least work, maximum benefit. What are the unknowns? What are the ones that will require more work, but also big enough benefits? So I'm thinking now we could maybe prioritize based on that, what to do first, what to do later.
B: Okay, all right, so it's 8:56. Anything that comes up from your experience, or have you heard any other feedback that's not here regarding the CVE feed, or do you have any feedback that I have not noted?

A: Yeah, not really. I mostly came upon the CVE feed issue on the website, so I didn't know about like this JSON Feed specification, so I just checked it, like apparently there are some issues about... yeah, but no, no, no, no! No! No more!

C: Seven, thanks.

B: Okay, so I think this is a good point. I definitely missed talking about this. I believe this is correct: the feed is definitely not matching the spec in its entirety. One thing that I was kind of pleasantly surprised by is they have a validator for feeds, which I had no idea about until I found out it's actually not valid. So the only challenge now I'm thinking is this: the spec actually doesn't have some of the stuff that we need anymore.

B: So, for example, I was thinking if I have to add the prow job link or I have to add the timestamp link, I don't see it in any of the fields where I could add those, right. So if I search for, let's say, timestamp... sorry, you're saying something.

B: Yeah, so I agree with what they were suggesting. The person who created the issue was saying either you conform to the feed spec completely, so on the client side I could actually use the tools that conform to the feed, or just don't claim it conforms to the feed spec and just use whatever works for you, which is okay, because you're trying to solve a problem, not conform to my other specification.

B: So from that perspective, I'm thinking like... it has served us well and definitely gave me a good idea about what should be the bare minimum things that should be in the JSON, but for time and other things, if it's not there, we might have to just stop claiming that it's actually the spec, that is, that the feed is compliant with the spec or not.
A: Don't know what you prefer, but of course it would be nice to like propose all the specifications, like JSON Feed, RSS and even like a nice table on the website. But.

B: Yeah, I think that shouldn't be too bad. Actually we could keep all three, like table, JSON, RSS, because all of them serve sort of different audiences. So one thing I'm thinking is, like, the table is legit for people who are looking through the website and want to know the full density of CVEs across the last five, six years. Then for JSON, if somebody wants to programmatically fetch the original data, then it's still useful, and the third one is like, if I am up to date with all the CVEs so far, I just want to know the new ones.

B: Then the RSS feed is useful, so worth keeping it. The only thing we might have to stop doing is having this in our feed anymore, which basically says that this is conformant with JSON Feed spec version 1.1. So once we remove that, then we can say like, okay, we're not gonna conform it to this. This is our own JSON feed that we handle, and eventually, yeah, add adapters for your feeds and other things. But this is what we'll be happy to maintain in the community.

A: I don't know, but I was saying maybe like there is a bare minimum for the tools that are actually supposed to process just a feed to work, but maybe like adding random stuff is pretty okay, yeah.

B: So CVE feed is invalid. If I go here, that's what they're saying. Can I input my own JSON in the validator? That would be nice, right.
B: Oh yeah, they just accept the URLs, looks like, oh yeah. So, okay, that's not too bad, though, so it's work. Maybe what I can do is add a sample PR with the deploy preview and with new fields and fixing this issue as well, and if it fixes it and with new fields it doesn't break, then we can still keep saying that it's conformant, but we have new fields.

A: Sorry, sorry, I was saying... you said: wait, wait. Now in the specification of JSON Feed 1.1 they have like this extension section and they say: publishers can use custom objects in JSON Feed whose name starts with an underscore character followed by a letter. So maybe it will not work out of the box without that on yourself. So I don't know if it's ideal or not.

B: Do you want to explore this? If you have time, like, if adding random fields breaks the feed or not.

A: Yeah, why not, I could try. Maybe this feedback later I can give it like a localhost address, because it might run.

B: I'll write up some summary of today's discussion as a comment to the parent issue. So we'll wait for some more feedback from others. After that, my thinking is 1.26... I think the code freeze deadline is either already reached or close, but we can realistically start adding some new stuff for 1.27, and then 1.28, I'm thinking, we can keep for the big stuff like adding some metadata, affected versions, vulnerable versions, all those extra fields and OSV format.

B: So if people who want those features are ready to help, then I think that would be doable, but otherwise it will definitely take a lot of work.

B: Okay, thanks for being my sounding board and discussing this with me, I really appreciate it, and yeah, we'll see each other and other folks in the subproject in about a week. I believe the next meeting should be on the 18th of October, so that should be on the calendar and on schedule. Yeah, I would probably do a repeat of this with more folks if they are available, and also will open up the agenda for others in that.

B: Thanks a lot for joining, see you next week.