►
From YouTube: Kubernetes SIG Security Tooling 20211102
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
All
right,
okay,
I
you
want
to
talk
about
the
snake
stuff
or
something
else.
B
Yeah
I
mean
we
can
discuss
that
so
yeah,
so
the
on
the
same
thread
which
we
have
which
we
are
discussing
on
the
slack,
so
I
have
to
like
update
the
ticket
with
the
scam
report.
If
it
is
failing,
so
I
will
do
that,
I
mean
I
will
have
to
reproduce
that
and
then
I
will
post
the
data
to
the
in
the
support
ticket
and
let's
see
what
they
say
because
they
are
asking
like
if
it
is
a
ci
cd,
also
other
they
have
like
three
four
questions:
did
you
got
that
ticket?
I?
A
Actually,
I
did
see
something.
Let
me
check
again.
B
B
So
the
one
question
was
on:
is
it
a
ci
cd
or
not,
then
they
want
the
output
and
they
are
asking
for
the
command.
So
all
these
questions
so
like.
Let
me
just
open
that.
B
A
A
C
A
B
Okay,
but
we
are
running
this
in
this
ci
pipeline
with
the
two
jobs
right:
one
is
for
code
source
code
and
there
is
for
this
which
images.
So
he
I
mean
we
are
not
going
to
tell
them
that
we
are
using
any
cia
job.
B
A
A
B
A
A
This
is
the
organization
id
or
maybe
not
this
sorry,
I
was
interrupting.
We
were
saying
something.
B
No,
no,
I
just
said
like
this
is
the
what
which
you
showed
me
that
ci
cd
is
zero.
So
that's
c,
I
c
l,
I
zero,
so
we
don't
have
any
integration.
You
mean.
C
A
So
I
do
you
see
the
same
kind
of
out
output
on
this
tab
or
you
need
a
link
to
open
this.
B
I
see
when
hold
on
I'm
just
checking
burn.
It
is.
B
Okay,
I
I
so
basically
what
happened
like
I
just
clicked
on
the
link
or
where
we
got
that
availability
like
found.
I
just
posted
on
the
slack,
so
click
on
that
I
just
clicked
on
that
link
and
then
it
came
here
hold
on
I'll
just
go
here:
okay,
integration,
I'm
not
sure,
okay,
sorry
projects!
I
need
to
go.
B
B
B
B
B
B
A
So
all
projects,
like
all
of
those
things
that
are
opening,
have
different
project
ids.
B
A
B
B
A
Have
another
member
join
us
amit?
Can
you
hear
us
yeah,
yeah
amit
nice,
to
see
you
we're
just
kind
of
doing
this
as
an
office
hours
sort
of
thing?
So
if
you,
if
you
want
to
just
listen
in
that's
fine,
if
you
have
any
questions
want
to
talk
about
something
specific,
that's
also
fine.
We
can.
This
is
your
time.
D
Yeah
no
miss
I
I
have
talked
to
you
that
day
in
slack,
so
you
have
given
me
some
of
the
documents
regarding
this
tooling,
and
so
I
I
am
going
in
present.
I
am
going
through
the
previous
meeting,
so
I
have
not
it's
not
sure
about
two
days.
What
is
going
on
so
I
have
not
completed
the
previous
meeting
full
muscle
going
through
means.
It
is
taking
some
time,
so
I
am
going
through
that
at
present.
C
A
So
that's
fine!
If
you
even
don't
finish
all
of
them.
I
think
what
might
be
helpful
to
know
is
if
reading
some
things
that
you
have
been
reading
watching
some
meetings
that
you've
watched
is
that,
is
there
anything
that
kind
of
stands
out
for
you
or
where
you're
like?
Oh,
this
sounds
interesting
and
that's
where
we
can
go
and
figure
out
like
what
can
you
help
us
out
on
if
you're
interested.
D
Okay,
definitely,
I
will
let
you
know,
I
have
I
mean
slash
the
salsa
and
I
have
seen
some
of
this
project.
That
is,
it's
quite
means
not
familiar
but
interested,
but
I
will
dm
you
about
any
other
things
that
I
will
come
through.
B
Yeah
episode
yeah,
so
can
we
like
meet
next
week,
like
tuesday?
Also
like
there
is
next
star,
sounds
cool
on
the
json
dock.
We
wanted
to
work
on
for
the
series.
I
think
so.
B
B
Okay,
okay,
so
I'll
start.
B
Yeah
so
yeah.
The
first
question
is
like
very
like
the
series
we
get
so
what
dog
we
want
to
create
on
that
and
what
are
we
looking?
Actually
here
still
I'm
like
reading
the
task
which
we
have
here.
A
So
the
main
idea
was
today:
if
I'm
a
user
of
kubernetes,
I
can't
run
like
a
curl
command
or
anything
programmatically
to
fetch
all
the
cvas
that
were
announced
and
fixed
and
know
which
version
they
were
fixed.
B
A
B
So
this
cv
can
be
applied
on
any
of
the
project
and
kubernetes
right.
This
is
not
specific
to
any
cluster
or
something
projected.
B
A
A
So
once
this
filter
is
applied,
then
the
idea
was
I
I
mean
we
could
do
this
manually
or
automated
with
rest
api,
like
the
one
mentioned
here,
but
I'm
almost
thinking
figuring
out
figuring
that
out
might
take
longer
than
just
manually
applying
it
one
by
one,
because
there
are
15
16
cvs
only
and
then,
after
that
the
idea
was
to
actually
use
the
rest
api
to
query
github's
api
from
curl
or
some
other
way
to
create
a
json
data
block
and
that
will
have
cva
id,
which
we
can
fetch
from
the
issue
summary.
A
A
A
So
after
all
of
this
is
done,
we
will
have
to,
and
once
this
is
done
once,
we
can
then
run
create
a
pro
job
like
we
have
for
sneak
to
run
this
every
week
or
every
day.
So
anytime,
a
new
issue
comes
up.
We
are
able
to
generate
this
feed.
A
So
that
way
it
will
also
get
picked
up
in
this
pro
job
and
this
field
will
be
created
and
then
once
this
is
created,
this
json
dock
would
then
be
imported
in
a
way-
and
this
is
something
I
haven't
been
able
to
figure
out
how
to
do
exactly,
but
we
can
get
help
from
tim
on
this
to
convert
it,
to
look
like
a
page
on
kubernetes
website
where
we
can
say
hey.
A
This
is
how
this
is
the
json
doc
that
you
can
copy,
and
if
you
want
to
programmatically
access
it,
this
is
the
curl
command
that
you
can
use
and
with
with
that
information,
basically,
if
people
don't
want
to
use
call
command,
they
won't
just
want
a
programmatically
passable
blob.
They
can
copy
that
json
doc
or
data
and
do
whatever
they
want
with
it,
and
if
they
want
to
run
a
curl
command
to
just
fetch
it
periodically,
they
can
run
that
girl
come
on
and
get
the
same.
B
Okay,
okay
yeah
now
got
a
bit
idea
on
this
and
the
and
to
get
the
list
of
github
issues.
There
are
github
apis
which
we
can
use
right.
A
Yes,
so
that's
the
part,
I
was
hoping
you
or
anyone
else
can
help
on,
because
I'm
not
I'm
also
not
very
familiar
with
github
rest
api,
and
we
don't
have
to
wait
for
this
label
to
show
up
as
long
as
we
have
some
kind
of
a
code
that
can
filter
on
some
label
and
start
creating
this
kind
of
json
data,
I
think
once
the
label
is
merged,
these
two
and
combining
both
of
them
together
would
be
easy.
A
So
that's
that's
the
next
step,
essentially,
while
we're
waiting
for
this
pr
to
get
merged
and
if
you
can
do
anything
now,
late
or
next
week
or
week
after
whenever
you
have
time,
I
think
that
will
be
really
helpful.
A
A
Perfect,
so
we
we
know
the
answer
to
this
question:
we'll
have
to
locally
try
and
run
it
and
see
if
it
works.
What
we
are
not
sure
about
is
this
first
question.
I
think.
C
C
Yes,
they
probably
just
would
like
to
see
the
scripting
around
it.
So
you're
setting
things
right
ahead
of.
A
C
C
Yeah,
this
is,
is
the
docker
file
for
this
image
in
this
list.
Are
you
scanning.
A
C
So
from
the
sneak
web
interface,
we
don't
have
we
don't
from
a
github
point
of
view.
All
we
would
have
would
be
a
docker
file
to
do
a
static
analysis
on
so
you
don't
have
one
there
and
since
you
don't
also
have
you
can
set
this
up
to
go,
look
at
gcr
and
pull
the
image
and
scan
the
image
just
like
you're
doing
from
the
prowl.
But
since
that
image
is
ephemeral
at
the
moment,
you're
scanning
it
right,
you
haven't
pushed
it
anywhere.
C
As
far
as
I
remember,
you
don't
have
a
project,
so
I
would
just
reply
to
say
this:
this
is
a
cli
only
scan
not
from
a
project,
so.
C
Cli
monitor
just
fyi
that
would
create
a
project
id
because
they
would
push
the
map
the
basically
the
bill
of
materials.
If
you
will
well
that's
a
loaded
word
and
it
would
create
a
project
in
here
with
a
cli
logo
on
it,
but
you're
not
doing
that
either.
So.
A
Always
no
worries
don't
worry
about
it.
I
am
glad
you
were
there
to
help
us
out
okay,
so
maybe
one
question
may
have
for
now
that
we
discussed
the
cva
feed
issue.
One
question
stem
also
asked
was:
would
it
make
sense
to
have
some
kind
of
a
cap
which
is
kubernetes
enhancement
proposal
to
describe
the
details
and
what
we
actually
need
to
do,
and
it's
sort
of
in
I'm
in
two
minds
wanted
to
get
feedback
from
you
also
and
at
at
some
level.
A
B
Okay,
I
think
the
the
issue
of
you're
talking
on
the
cv
right
yeah,
which
one
we
did
yeah.
The
issue
has,
I
mean
lot
of
details
and
I
generally
look
for
the
reference
tissues
like
so
do
we
have
any
kept
created
for
this
or.
A
Not
no,
we,
we
don't
but
team,
suggested
that
and
I
wasn't
sure
whether
I
should
or
not,
and
now
that
you're
also
working
on
this
and
you
have
context.
I
wanted
to
get
like
second
opinion,
and
if
you
also
think
cap
is,
would
be
useful,
I'll
create
one.
B
Okay,
I
mean
see:
I'm
not
worked
on
cap
before
so
I
mean
you,
it
would
be
good
if
you
suggest
that
whether
we
need
it
or
not,.
A
Right,
I,
I
am
not
sure
right
now,
so
maybe
I'll
think
about
it
and.
D
A
Okay
cool,
so
I
need
to
drop
off
for
another
meeting,
but
thank
you
everyone
for
joining.
I
I
think
we
got
a
lot
done.
At
least
we
know
what
to
do
next
and
amit
feel
free
to
reach
out
like
we
discussed.
If
you
have
any
questions,
don't
feel
obliged
to
read
and
watch
everything.
I've
shared
do
whatever
you
can
and
then,
if
you
feel
you
are
fifty
percent
ready,
you're,
100,
ready
and
then
just
go
and
start.