►
From YouTube: Kubernetes SIG Security 20230323
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
Hello,
I'm,
Savita,
I
I
am
the
Project
Lead
for
documentation,
six
security
documentation
and
it's
been
a
really
long
time
that
I
attend
one
of
the
meetings.
So
I
can't
tell
you
how
happy
I
am
today
to
be
here
with
you
all
and
I'm
here
to
launch
here
and
meet
my
like-minded
French.
C
That
say,
we're
happy
to
see
you
hi
I'm,
Ian
I
am
the
co-chair,
along
with
Tabitha
of
kubernetes.
Six
security
here
super
happy
to
be
here
to
help
make
kubernetes
more
secure.
With
all
of
you.
D
Hi,
this
is
pushkar
I'm,
the
Project
Lead
for
tooling
I
like
to
peel
oranges
and
enjoy
the
sun
in
California.
While
it
lasts
these
days.
E
Hell
I'm
Rory
I
do
security
stuff
at
bit.
Log
and
I'm
always
interested
in
new
container
and
kubernetes
hacking
and
security
things.
F
Hi
I'm,
Caitlin
and
I
work
with
sex
security
and
six
CLI
doing
kubernetes
things
and
I
work
at
Shopify
as
an
infrastructure
security
engineer.
G
A
H
A
I
will
read
out
on
behalf
of
Ray
from
the
third
party
security
audits,
a
project.
The
conversations
and
work
with
the
SRC
are
ongoing,
with
the
goal
of
being
able
to
release
the
audit
report
in
some
form
or
another
in
time
for
kubecon
EU.
There
are
a
couple
of
the
findings
from
the
audit
report
that
are
still
currently
under
embargo
and
you
know
being
worked
through
between
the
SRC
and
the
affected
cigs,
and
so
there's
there's
questions
about
how
precisely
to
deal
with
that.
But
we
are.
A
B
All
right
this
one
at
one
thing
that
I
see
I
know
the
holiday
guide
is
progressing
along
I,
don't
want
to
put
get
it
on
Rory
on
this
part
here.
That
is
one
thing
that
I
see
that
the
work
is
happening
other
than
that
I.
Think
it's
pretty
quiet
for
the
past
two
weeks,
so
shout
out
to
both
of
them,
and
thank
you
for
doing
that.
So
nothing,
nothing
big
happening.
B
A
Counting
it
off
in
my
head
on
on
one
hand,
the
silence
is,
the
silence
is
important
to
make
sure
that
folks
have
a
chance
to
jump
in,
but
on
the
other
hand
too
much
of
it
and
then
we're
all
sitting
and
staring
at
each
other.
So
pushka
you
have
a
lot
of
updates
in
the
notes
about
progress
in
tooling.
Can
you
share
them
with
us?
Please?
Yes,.
D
Lots
of
busy
work
and
incredible
work
going
on
from
so
many
people
in
the
call,
and
so
many
not
in
the
call.
As
many
of
you
know,
we've
for
this
release,
our
Focus
has
been
kept
3203,
which
is
our
Auto,
refreshing,
CBE
feed
for
kubernetes
vulnerabilities.
D
The
goal
has
been
to
Move
It
from
alpha
to
Beta.
We
had
a
bunch
of
PRS
from
Mahi
which
have
been
merged
in
the
last
couple
of
weeks,
so
we
are
looking
good
in
terms
of
the
scope
we
had
planned
for
graduating
from
alpha
to
Beta.
The
last
piece
is
something
Kailyn
has
been
helping
on,
which
is
working
on
getting
the
feature:
blog
ready.
That
essentially
summarizes
what
we
have
done
since
we
released
our
Alpha
feature
in
125.
D
So
that's
also
coming
along
well.
I
was
a
bit
late
on
reviewing
that
which
I
finally
managed
to
do
last
night.
So
sorry
for
the
delay
Kailyn,
but
we
still
got
time
so
we
should
be
okay
and
on
the
learning
side
of
things
from
tooling
David
did
a
very
insightful
session
on
the
open
source
project
security
guard
on
March,
1st
I've
missed
sharing
an
update.
Last
time
so
I
wanted
to
give
that
shout
out.
The
video
recording
should
come
soon
and.
D
Cool
and
we
have
another
one
coming
up
soon
as
well,
that
will
it
is
about
around
end
of
March
from
folks
working
on
a
project
called
Copa
and
it's
slated
for
March
29
usual
time.
Wednesday
8
am
so
if
you're
interested
to
learn
about
a
new
tool.
Talking
about
how
to
manage
vulnerabilities
in
containers,
please
attend
our
regular
meeting
and
come
ask
questions
or
learn
something
new.
A
All
right
Allah
was
not
able
to
make
it
today,
but
has
a
bunch
of
updates
in
the
notes
from
the
security
self-assessments.
Is
there
anybody
on
the
call
who
would
like
to
speak
to
that.
H
Yeah
happy
to
read
Ella's
note.
So
yesterday
we
had
a
yeast
sphere,
CSI
driver
meeting.
We
had
great
data
flow
effort,
feel
free
to
look
at
the
slacker,
Recaps
and
notes.
There's
a
doodle
poll
out
for
the
next
session.
Please
feel
free
to
join
the
progress
on
VCR
CSI
driver
is
continuing
shout
out
to
Tabby
and
me
it's
from
Allah
for
helping
with
the
session.
A
F
A
A
With
my
chair
hat
on,
I
am
grateful
to
everyone
here
for
your
trust
and
the
value
that
you
place
on
my
input,
but
I
also
encourage
anyone
else
who
is
interested
in
contributing
to
this
to
go
and
have
a
look
at
it.
Because,
because
that's
how
we
do
things.
I
Just
a
quick
one:
we
have
a
draft
public
draft
version
of
a
governance
white
paper,
kubernetes
policy
governance-
we've
had
a
number
of
great
contributors,
I
think
lost
count
around
a
dozen.
So
thanks
to
everyone
on
the
call
and
off
the
call
who
contributed
so
far,
but
we'd
love
to
open
that
up
to
the
broader
Sig
and
and
cncf
community
and
get
public
comments,
feedback,
Editions
contribution
so
put
the
link
in
the
in
the
notes
so
feel
free,
I
I
think
we
were
gonna
open.
A
All
right
now
having
having
heard
what's
going
on
with
all
of
the
various
sub
organizations
we
get
to
the
points
that
folks
have
put
on
the
lists
for
discussion
and
I
see
the
first
thing
there
is
Kalyn,
so.
F
A
We
were,
and
we
are
and
there's
a
two-stage
process
there,
the
first
being
filling
out
a
form
to
register
one's
intent
to
send
along
a
video
which
we
did
like
the
day
after
the
call
for
it
went
out
and
then
the
second
deadline
is,
if
I
remember
correctly,
the
end
of
the
month
for
submitting
the
actual
video
and
work
has
not
yet
begun
on
the
contents
of
that
actual
video,
but
there's
time,
and
especially
with
the
annual
reports
also
being
in
progress
right
now,
a
lot
of
a
lot
of
these
sort
of
what
we
do
and
how
we
do
it.
A
Concerns
are
front
of
mind
for
box,
and
so
they
are
kind
of
piggyback
on
each
other.
You
know
the
the
thinking
through
of
what
have
we
done?
What
did
we
do?
Why
did
we
do
it?
What
are
what
is
important
to
us
as
a
community,
then
you
know
feeds
into
annual
reports
feeds
into
also
the
video
for
kubecon.
G
C
I'd
like
to
strongly
second
that,
like
you
know,
Sig
security,
is
you
know
we
do
everything
collectively
here
you
know
like
I,
would
absolutely
love
to
get
as
much
input
from
as
many
people
as
possible
about
like
what
they
feel
excited
about
showcasing
what
they
feel
excited
about.
C
Having
had
done,
you
know,
like
I,
really
want
to
make
sure
that
when
we
do
this,
we
reflect
everybody's,
you
know
Collective
thoughts,
feelings,
dreams
right
so,
like
you
know,
please
be
vocal
and
speak
up
about
what
you
want
to
see
in
there,
because
I
really
want
to
include
that
specifically
what
you
want
to
see
in
there.
A
Yeah,
the
the
the
co-chair
role,
the
sub
project,
lead
role
in
this
sig
does
not
mean
boss.
It
means
person
who
promises
to
do
certain
mandatory
things
if
no
one
else
is
able
to,
but
primarily
a
collection
point
for
the
efforts
of
the
community
that
we
make
here
together.
A
Well
then,
we
have
reached
the
end
of
the
things
that
we
have
already
planned
on
discussing.
This
is
our
space.
This
is
our
time
and
so,
what's
on,
what's
on
everybody's
Minds,
is
there
anything
that
anyone
would
like
to
bring
up
with
the
group
while
we
are
together
that
hasn't
already
made
it
into
the
notes.
J
Okay,
so
I'll
just
throw
out
there
the
comment
that
I
put
in
the
chat
that
we
had
a
in
GitHub
for
six
security.
Tooling,
it
looks
like
we
have
a
learning
sessions-
page,
that's
slightly
out
of
date,
I
guess.
D
Yeah
I
just
replied
to
you
to
your
DM
pen:
okay,
so
I
updated
every
six
months
or
so.
But
if
you
want
the
most
up-to-date
info
about
what
learning
sessions
happened
recently,
the
six
security
tooling
meeting
minutes
document
would
be
the
best
place
to
take
a
look
at
that
and
it
will
typically
have
a
recording
link.
So
you
can
always
catch
up
on
that.
D
Typically,
with
my
schedules
and
time
zones
and
holidays,
we
have
had
lesser
learning
sessions
since
I
would
say
October
until
now,
but
in
March
now
we
had
to
so
I'm
hoping
we
will
continue
to
have
more
and
more
this
year,
cool.
J
C
E
The
only
one
I
saw
was
an
ssrf
that
could
hit
a
Unix
socket,
which
was
kind
of
weird.
Oh,
that's.
C
E
In
the
node
there's
a
there's,
a
library
in
node
called
request,
which
is
amusingly
deprecated,
but
has
18
million
downloads
a
week
which
is
fun
and
someone
saw
I
saw
it
on
Twitter.
They
said
they
were
doing
some
srf
on
node
and
they
can
hit
the
docker
socket
via
a
URL.
Oh.
G
I
A
A
A
A
It's
fabulous
to
it's
fabulous,
to
see
y'all
be
part
of
this
group.
Thank
you
all
for
coming
and
reminder
that
slack
is
open.
24,
7.