From YouTube: Kubernetes SIG Security Tooling 20221115
A
Cool, I see a couple of new names in the meeting invite, meeting window, so we can do a quick bit of intros, and then you're all welcome to do yours as well. So hey, I am Pushkar. I've been leading this subproject in SIG Security called Tooling.

We do a bunch of different things, working with different subprojects in our SIG, as well as other SIGs like Architecture, Release, etc. And the main goal is, well, how can we improve security of Kubernetes by writing code in the GitHub repo of Kubernetes, or anything that is supporting Kubernetes, like the infrastructure that all the Kubernetes releases run and test, etc.? So that's what we do. We've done a few things like vulnerability scanning, creating an auto-refreshing CVE feed in the past.

One of the main goals for the next three, four months is updating and improving the CVE feed. That's what one of the topics for today's meeting was. So welcome, if you are new, and if anyone else wants to do an intro for themselves, please go ahead.
B
Yeah, so hello, everyone, and my, participating a little bit to SIG Security from time to time. I'm working as a security engineer at The Quest lab in Paris and, yeah, that's it. I try to help Pushkar a little bit from time to time, and...
C
Hi, I'm Eric Smalling. I'm a developer advocate at Snyk, and I kind of do the same thing: help PJ wherever I can, and the team.
D
Hi everyone, very Zoom. I'm principal and security engineer from Garrett. We are a U.S. and European company.
A
Hey, welcome Jason and Toby, great to see you. We all started more or less in one of, like, by one of, all of our starts was: let's join a meeting and see how it is, and then go from there. So happy to see both of you joining. Feel free to hang around with us anytime you want. We are also on Slack.

One of the things we do a lot is make sure people who can't make the meetings can catch up on the meetings through meeting minutes, which are here in the link I pasted in the Zoom chat. So a few things about that: you can add your name and your preferred pronoun in the attendance section. Then, if you have a topic that you would like to discuss, you can put it in the discussion section just below that, and you don't have to wait until the meeting to put the topic. You can also put it before the meeting, if something comes up between now and the next meeting. And one other thing we do is, typically, we try to take notes so that people don't have to wait for a recording, or don't want to, don't have to catch up by talking to somebody who was in the meeting, but they can just read the notes.

So, as a new contributor, a great thing to get started would be, like, taking notes, or just seeing how somebody is taking notes, if one of the existing contributors is taking it today. And then anytime you have questions for whatever we're discussing, please go ahead, stop us. We will be happy to give some context, because sometimes we assume some context and clearly it's missing, so don't be afraid to stop us and ask more questions. So...
D
I, yeah, thanks for sharing the Google Doc. Do we usually have a subsection cone, follow-up or something like that below? Usually in a typical organization, you have action items at the end of every meeting. Now, obviously, in here, I did it, my first SIG meeting, by the way.

So forgive me if I don't know the protocol. Do we have some kind of, like, a follow-up action, maybe some kind of parking lot for the next meeting or something like that that we wanted to do, or if everything under a note, under note.
A
What we can do for now is add a subsection if we miss something and we want to follow up next time in the discussion section, and if you don't get to it between now and the next meeting, we can continue discussing it in the meeting that follows. That works for you? Yeah. Thank you, good. Okay, yeah. So please add your names if you haven't already. I know sometimes Google Docs access is restricted.

So if you are one of, one of that person, let me know; I can add your name as well. Cool, so I see one topic somebody has added in the template, but we can discuss it now as well. So this is talking about best practices, white paper version 2. Anything else? Was it from you, Diesel?
D
By the way, so when you pronounce my name, you can omit the D at the beginning, so it's just like a z-u-n-t, zoom, almost like a zoom, confident cone. So, oh okay, yeah.
D
I'm working with a client currently and there's a long list of things to do, but one of which is the best practice, and I know that we have the version two from CNCF for security best practice, but I should run the, you know, from the group perspective.
D
Is there anything else, in addition to that, we can add?
D
Sorry, it's a release in May of this year, so it was only a few months ago. So let me find the link.
D
Yes, yeah, exactly, CNCF version 2 white paper, security white paper, all right.
A
Okay, so yeah, I can, definitely we can talk about it. Can you share again: did you have specific questions in the paper, about the paper, or you had a suggestion that would improve the paper, or something else? No.
D
No, I, I'm just, I haven't had a chance to digest it yet.
F
D
Just scanned through it very quickly, but I just wanted to look from this forum perspective: is there anything else that we want to share with the team?
C
So there is another document that has been in draft for a long time, that I've actually volunteered to help with and haven't gotten to, called the Kubernetes hardening guide. I'll put a link here. This has been, is being discussed. Is this, do you know, is this a TAG Security initiative, or is this a Kubernetes hardening...

Okay, so it would be good to take a look at that, probably, or add that to your list.
D
So, sorry, Eric, again, can you share the link or something? Yeah.
C
D
And Eric, is that much different from the Pokemon, the NSA document?
A
I can share a bit more about that. So it will have some common things for sure compared to what NSA CSI is, and this is going to look like, the people who will write it will be different. So the people who write the hardening guide would be the folks in the Kubernetes community who have been practitioners of securing Kubernetes, and they will write maybe very specific guidance, with links to other documents within the Kubernetes website.

So it's still a work in progress, so there is some chance also to mold it based on how you think it should be like, but that's definitely another thing really relevant to the CNCF white paper. Another thing very close to that is, you might be aware of a page in the Kubernetes website called Security Checklist, which is one which Mahi worked on a lot with many others, that is already published. So you can take a look at that and see if that is useful. One thing that I wanted to share was this one. So this page you might have seen in the past, called Overview of Cloud Native Security.

This is sort of like the Kubernetes community's perspective of how to secure Kubernetes using the four C's of cloud, cluster, container and code, right? And there has been an open issue on the Kubernetes website which was talking about: can we refresh this by using the cloud native security white paper version 2, because that explains and goes much in depth compared to this content, which was written maybe, I think, four or five years ago?

So the idea was: can we refresh it in such a way that it reflects what is in the cloud native security white paper, but it is still specific to Kubernetes. So I'll find an issue right now quickly, if I can, which talks about it, and it is actually looking right now for contributors who can help out on that. So if that interests you, that might be another thing to take a look at. Yeah.
B
A
Yeah, so this, I think, is the latest thinking from Kubernetes SIG Docs, technically, about whether to keep this page or whether to remold this page into something else.

All right, I think that is it, and you have two more topics: features/tool comparison, and automation. Before we jump to this, is this helpful, with the links we shared, for what you wanted, very?

Okay, cool, all right. And maybe share a bit about the next two items you had in the agenda.
D
Yeah, so we are a consulting company, so we are, well, vendor neutral, and so when we work with a client, we wanted to recommend best of breed. If, like, so, they have, there's three tools for the same thing, we wanted to present to them and say: here's a pro and con, which tool, yeah, here's a feature benefit of each tool, and, you know, we make a decision jointly with the customer.

So we don't recommend any one tool. We have discussion with customers, and that's why we want to come in with the neutral way. So feature and tool comparison is obviously very essential for security, because once the customer decides to use a tool, they're going to use it for quite a long time, yeah, and if the tool is good, they may spread it to other people or departments or even other groups as well.

So that's very key. And then the second, the third topic is on the automation. Now, obviously, everyone talks about CI/CD, and there's a lot of other terms. I wanted to start from the top: from the build, the build phase, the deploy phase, and then the runtime phase. So what kind of automation tools that we have? Again, these are again similar to the best practice, but again, maybe a little bit more focused now on something specific.
A
Right, right, yeah, I think that makes sense. Are you looking for advice in terms of, like, is there any existing feature and tool comparison that we can link, coming from the community, or...
D
It may be a starting point, yeah, because if you look at the tools for, from Kubernetes, there's a lot, and there may be some tools that are cloud agnostic, so the tool can work with Amazon, Microsoft, Google, or maybe something that may be specific from each cloud vendor, yeah, their own tool. But again, you know, just something that we already have. We don't have to, you know, work on this from scratch, with something that already exists.

Similar, like the best part is we can share. That would be pretty...
A
Got it. So one thing that I wanted to clarify: if you've seen the Kubernetes website also, I think you'll see some notes there, the community itself doesn't recommend one tool or the other. That's the official stance from every one of us, and I think, like you said, since you're also vendor neutral, it probably makes sense for you.

So that's the main thing to clarify. In terms of community work where people have written some recommendations, like in case of pod security, I see a common example where they say you could use Gatekeeper or Kyverno for advanced use cases, but even in that case, it's not an official recommendation, and people are requested to do their own due diligence, their own analysis on whether that tool makes sense, whether you want to adopt it. So that's always going to be the case.

One thing I wanted to go back a bit was, I forgot to mention that the cloud native security white paper actually comes from a different group, even though, like, the names are kind of similar. So it comes from a Technical Advisory Group at CNCF level called Security TAG. Security TAG is the short for Technical Advisory Group, and there are some common people in both, including me, who work on, work in both the groups.

What can we do to secure Kubernetes more? So one of the things I would point to from their side is something called controls catalog from CNCF TAG, and I'll share a link later, but that might be the closest to what you have, or what you wanted, in terms of what tools might be useful for implementing a specific feature that I might not have thought about. So I think there was a blog on that. I'll just quickly link it, and then go ahead with your question. What...
D
Now again, I understand that we do not make recommendations. I just wonder whether there's some kind of, just like, again, just a neutral comparison, but yeah. Okay, that's fine, yeah.
A
The blog goes into some depth about, like, what they are trying to do with the catalog, so that might be closest to what you are looking for, but yeah. So that's the general stance. Apart from that, you had another question on...
D
Yeah, again, below, without going to vendor specific, again, automation is a big thing, yeah, because, you know, the more automation, the less human, the less human interactions, from a security perspective, usually, I mean not always, but usually it's better. So again, like I said, I haven't gone through the white paper in detail, but again, I just wonder, you play, from a CNCF perspective, if there's some guidance on automation for the community.
C
Yeah, I'll jump in here a second, and I was joking about, you know, vendors. I do work for one of the vendors in the space and I don't want that to be pushing anyone, but a lot of the questions you're asking, I had the same ones as I started into the SIG Security team a year ago or two years ago.

Now it's been two years, wow. And a lot of them actually are more, I think, discussed more in the TAG Security, the higher level, because, as I understand it, Pushkar, correct me if I'm wrong here, but the SIG Security is more about the security of the Kubernetes project itself, the KK and everything around it.

Whereas, if you get into TAG Security, like, there's a working group I attend in there, the TAG Security secure supply chain working group, and the ancillary OpenSSF, Linux Foundation, you know, kind of parallels to those. Those might be good ones to attend as well.

To answer some of the questions or to get some clarity around things, you know, as a consultant, I would want, I agree 100% with you. You don't want to recommend a given tool, but you might have practices that a tool might fit better with their organization, or if they already have a tool, how can they apply that at their organization? So that would be my recommendation: to stay with us, but also jump over into the TAGs as well.
A
Yeah, I agree 100% to what Eric said. The way to join their group is to go to their repo that I linked on Zoom. You'll see how to attend meetings there. They have a readme there. They have a dedicated Slack workspace as well, which you can join, and then they'll have channels for different things that they're working on. Same kind of situation, like Zoom meetings, Slack, but different scope, different people. But this common mission of securing things that are cloud native. Only thing is, this is scoped to Kubernetes.
D
And TAG stands for Technical Advisory Group or something like that? Yeah, yeah, exactly. And do they have a Slack channel as well? Yes. Okay, perfect.
F
D
I, I just enjoy the group channel, so I will draw the other one of you. Yeah.
C
There's actually another server, there's a Slack server for CNCF, as opposed to just Kubernetes. But the CNCF Slack server has the TAG Security. All the TAGs are in those. Perfect. Thank...
A
You. Yeah, yeah, exactly. Yeah, it's just like a different workspace, but same Slack app, same Slack channel kind of situation. Yeah, I noticed I missed somebody who joined a bit later after we did the intros, so submit, if you want to say hi, we are all, like, some of us are existing, some of us are new members, just trying to talk about things people want to talk about. If you have a topic in mind, happy to, feel free to jump in and share with us.
G
Yeah, same as, I thought I'll see what happens in the security in Kubernetes, right, so I'll just check and see what is happening. Usually I like a bit of security things. When it comes together, in the company that I'm working on, we have these sort of things, right, securing Kubernetes and all those things. I think a lot of questions are already answered. I was just listening by: okay, what is happening, is something interesting that I can chip in, play around, think Airways, that sort of thing.
A
All right, yeah, that's great, great to see you in the meeting. One thing I would say is we are fairly active on different Slack channels, so the Slack channel for this subproject is SIG Security Tooling, our larger SIG channel is SIG Security, and between the words there is a dash, so just continue to look out for stuff in those channels as you are exploring more. Sometimes we will also end up sharing things like, I know, two, three weeks back, I shared a bug fix that I was doing, and then Mahi saw that and he was like, oh, there is a better way to do it, and then he shared that idea, opened a PR, and now it's merged yesterday.

So now the code is better than it was before, and we didn't even have to do a meeting for this. So that's sort of how we end up working across the world, because I is in France, I'm in San Francisco, so meetings, we don't have to wait for meetings to get stuff done. We can continue to do those things in non-slack, and same thing I would suggest is, like, keep a track on Slack. The mailing list isn't that active, but Slack, definitely, there is a lot of content going around.
G
A
Right, cool, some nice swag-related jokes I missed in the chat, so that's good. And yeah, we would love to see you in SF also, my, one day would be great. Okay, cool.
D
So Eric, I was chatting with one of my family members and I was using your company abbreviation, and they said, what does that mean? I never heard about that before. I said, oh, I...

I know what it is, but I was just sharing with my family member and she doesn't understand what it means, and I have to tell her, so yeah, but...
F
A
Cool, all right. Oh, we have another person joined in, I missed them as well. "Hi all, I'm here to learn about Kubernetes tooling process." All right, cool. Hey, do I see a familiar face? No? Okay.

Good to see you. Yeah, yeah, same here. He is my ex-colleague and we had a lot of fun when we worked together, so good to see you.
E
Sure. I used to work at the same place as Pushkar and work on Kubernetes security, and now I've moved on to work at Qualys, working on container security, and I just want to know what things are coming up on the Kubernetes side in terms of security, so that I can incorporate those requirements into the product and...
A
Yeah, definitely would love to have you around. We were in VMware together, bye, yeah, and yeah. So today was mostly the subproject meeting where we work on, so we have two types of sessions: working and learning sessions. Today was supposed to be a working session, but I kind of had assumed that new folks would jump in today, and then we will have a good discussion, which is what we're doing now, just giving them an introduction, seeing if there are any topics that they want to bring up, with some really good topics, and we had some good discussion about it.

The specific work that we are doing that's coming soon, in maybe version 1.27, is some updates to our Kubernetes official CVE feed that we built last, early this year. I'm already thinking this is 2023. So there has been some good feedback from a lot of people in the community about what we can do to make it better.

So we found a reasonable compromise about how much, what we can pick from that, to graduate our alpha official feed to be beta, and that's the main goal for the upcoming 1.27 release, not the 1.26 one, which is coming soon. So that's clearly the main thing from our group. There are other things coming from other subprojects, which you'll get to talk about next week when we meet with security. There is a chance, though, with Thanksgiving, we might cancel it.

So yeah, so that's about it. Anything you would add, I require, my? I think Eric had to drop.

All right, cool. Oh, by the way, this meeting goes for 45 minutes, so we will have about 10 minutes more to discuss anything else, but sometimes, like Eric, if you have a conflict and you have to leave at nine, that's fine as well. No, you don't have to stay the whole meeting as well sometime, if you cannot. Okay, cool. Anything else anyone wanted to bring up? I'll just add some notes about what we discussed with on mobile, give it.

I will give a brief overview for everyone, so everyone is on the same page, and my heavy, I'll start a thread with you afterwards, sometime this week or later, where we can start adding some issues about the improvements we planned. So let me get my sharing duties of the meeting. I don't, I have to add a special code to get that, so...

All right, I think I'm good now. I missed three chat messages, looks like. Okay, cool, no worries. So I'll share my screen now. It should show up with Google Chrome. Let me know if you think the...
F
A
Perfect, all right, cool. So this is the tracking issue for the design of the CVE feed, and this is the tracking issue for the overall larger initiative of creating this list.

As of one month back when we discussed, some of the things we decided to do was: can we do an RSS version of this feed? So that's something we are going to work on. Another thing was: sort the CVE table from most recent CVE to least recent. So what does that mean? So if we go to the official CVE feed and go here, oh, I think I missed a chat message. All right, cool, thanks, my. Yeah. So if we go here, you will see this table.

This is the feed that we created, and this is the table that is generated using JSON data that is stored here. So if you want to access it programmatically and kind of parse through it, you can use this JSON. This is for human readers, like you and me. And then, if we go here, you'll see the request is: sort the CVE table from most recent CVE to least recent CVE. So the goal here is: can we do this from most recent to least recent? And what we don't have is a date column here.

So what it is being sorted as today is essentially, if you look at the issue numbers, it's pretty much getting sorted based on that, so one one three, seven five, seven, five, six and one two five one three, and then keep going to four three four, five nine. So, instead of that, we want to have a date, a date column, and then we will sort through that. So that's one of the tasks.
E
D
Similar question, I don't know if I missed something here. I think that, I think that seems to be quite a useful thing to do. But again, I don't know if I missed something: do we have a CVE mapped to a particular version?
A
A
G
A
Thank you, okay. So...

Yes, okay, so this was the comment that is similar to somewhat what you shared, like: can I have vulnerable versions, fixed versions in the table or in the JSON? And I think, I totally agree that it would be a good idea. Problem is, if we look at this issue, the way it's defined, there are no fields or labels where we can say, oh, this issue fixes this version, but this is essentially text, and we would have to parse this markdown to come up with this and then convert it into: anything less than this is vulnerable, anything this version or after is fixed. So this parsing, right now, the way it's done, is going to be difficult, and anytime somebody changes the way they have created an issue, we will have parsing failures and it will sort of keep breaking. So because of this limitation, we decided, at least from alpha to beta, we won't implement this feature, not because it's not important, but because we don't have enough people to help out on making this possible, because this would involve a lot of communication and talking with a lot of people from the Security Response Committee, from the release team, to say, like, can we do some automation where we start storing this information, maybe in some file in a Google Cloud bucket, and then we are able to parse it from there.

So that will be a lot of work, a lot of collaboration, so because we haven't had any people yet who can volunteer to do that, we decided, okay, for now, let's not do it, but this is a good feature in future. So for anyone who has time in the call and might be interested to do this, think about it, let us know. I would love to have this feature, but it's really limited with the number of people we have today.

Yes and no. So we would have to communicate using the, even if we communicate using the GitHub issues to anyone who is reading the details, but for automation, the way the table is created, we are not creating a pull request every time a new issue is added or a new CVE is announced. This is automatically getting pulled from, using the GitHub REST API. So anytime we have a specific issue with a specific label, we pull that information from the GitHub REST API, convert it to JSON, convert it to that table.

So that way we don't have to keep, we don't have to keep track of new CVEs when they are announced. So if you want to keep that theme and keep that workflow the same, we would need to have some automation during the creation of the CVE so that we are able to pull the affected versions and fixed versions, and the other piece that will be a larger effort is doing this all the way until the last issue, five, six years ago, that was announced, and doing the same for that as well.
F
A
So that's the main thing. I know we are out of time, so I'll stop sharing. So the goal is: now we have some time between the start of the 1.27 version and now, which is good because of the holiday break and everything, things are slow, but the goal is to make progress on some of these issues in the coming months and then do that update of the CVE feed from alpha to beta, and in the meantime, if something else comes up that is useful and can be improved, maybe from one of you, please feel free to bring it up and we will continue to work on it. There are some existing things we will continue to maintain, like World LBT scans we have for Kubernetes, and so, if something breaks, that is a dog thing that we fix. So hopefully this call was useful in giving you verified of what we do, what we are planning to do, how things work, what are the different groups involved. So great to see you all today. Hope this was useful, and hope to see you next time.