►
From YouTube: Kubernetes SIG Security Tooling 20220315
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
I
just
added
a
link
before
we
get
started
on
the
zoom
chat
for
all
of
you
to
add
yourself
with
your
name
and
preferred
pronoun,
and
that
just
allows
us
to
know
who
joined
and
then,
if
you
have
further
questions
and
want
to
communicate
it's
easier
to
reach
out.
A
So
I
see
a
few
folks
who
maybe
are
joining
for
the
first
time
some
who
have
joined
in
the
past.
Do
we
want
to
do
quick
introduction.
A
I'll,
I
may
be
I'll
start
quickly,
so
hi,
I'm
your
security,
tooling,
lead.
I
help
host
the
tooling
meeting
and
join
the
your
regularly
scheduled
security
meeting
on
thursday.
We
alternate
every
other
week
between
a
working
session
and
a
learning
session.
So
this
is
a
learning
session
where
we
discuss
different
topics.
A
A
B
Okay,
so
yeah
I'm,
I
am
working
as
an
rnd
engineer
at
a
security
company
and
I'm
one
of
the
person
that
made
a
small
presentation
before
on
a
six
security,
tooling
meeting
it
was
nice.
B
C
C
So
I
do
have
a
big
french
accent,
but
I'm
based
in
lausanne
in
switzerland,
okay,
nice.
What
about
you.
C
B
A
E
F
A
Welcome
abhishek:
this
is
exactly,
I
think,
a
very
good
session
for
anyone
new
to
the
community
or
wants
to
contribute,
but
doesn't
know
where
to
start.
So,
if
you
are
like
that,
you
definitely
gonna
be
helpful
for
folks
who
have
contributed
before
I.
There
is
a
good
chance
I
may
might
make
some
mistakes
so
feel
free
to
correct
me
or
ask
questions
so
that
way
it
is
easier
and
we
are
able
to
give
like
a
real
picture
of
what
actually
happens.
A
Okay,
so
welcome
welcome
new
and
existing
contributors,
just
a
brief
summary
before
we
get
started.
So
I
heard
in
the
past
from
some
folks
that
contributing
to
kubernetes
was
sort
of
intimidating
and
there
wasn't
really
a
clear
way
of
how
to
start.
A
So
I
thought
I've
been
meaning
to
create
a
pull
request
for
a
crea
for
a
table
or
a
list
of
people
who
have
actually
given
the
learning
sessions
in
the
past
and
basically
write
that
down
in
a
document
in
our
repo,
so
that
we
know
what
has
happened
in
the
past
and
then
based
on
that
we
are
able
to
basically
document
it
and
then
the
second
piece
is:
how
do
we
make
it
a
a
way
where,
even
if
I'm
not
around,
if
slack
is
not
there,
and
somebody
has
an
idea,
they
want
to
present
a
session.
A
So
whenever
you
click
on
new
issue
on
github
in
our
repo
we'll
be
able
to
they'll,
be
able
to
select
an
option
saying
hey,
I
want
to
preser,
propose
a
learning
session
and
once
we're
able
to
do
that,
then
it
will
be
easier
for
us
to
manage
like
a
queue
of
people
who
want
to
present,
and
then
we
can
decide
when
they
want
to
present
based
on
the
timelines
and
maybe
other
people
who
also
want
to
present.
A
So
that's
the
idea.
So
those
are
the
two
issues
I'll
try
to
tackle
today
and
we'll
create
prs,
hopefully
we'll
be
able
to
wrap
up
with
like
a
tlpr.
That
does
what
we
expected
in
45
minutes,
but
at
least,
if
not,
we
will
finish.
However,
whatever
we
can
and
then
on
slack
I'll
share
once
the
pr
is
ready
and
then
you
can
all
take
a
look
later
and
ask
questions.
A
So
I
see
some
of
my
friends
in
tooling
and
audit
as
well
joining
so
hey
guy,
hey
nia
ray
I
we
just
finished
intros,
but
if
you
want
go
ahead
and
maybe
click
introduce
yourself
as
well.
G
Hey
hi,
everyone
yeah
thanks
pushkar.
Actually
I
am
working
with
the
insect
security,
tooling
project,
so
currently
I'm
working
with
pushkar
on
one
of
the
cap,
where
we
are
doing
the
automation
to
generate
the
list
of
cves,
so
that
is
that
is
a
huge
work
we
are
doing.
I
mean
we
have
a
lot
of
issues
there,
so
we
are
making
some
progress
so
bushka
like
after
this
meeting
or
tomorrow.
If
you
have
time
we
can
sync
up.
Maybe
on
that.
H
Hello,
I'm
ray.
I
work
on
the
third
party
security
audits
for
six
security,
but
I'm
also
the
sig
docs
co-chair
and
the
123
release
lead.
So
I
wear
a
few
hats.
A
Nice
to
meet
everyone
welcome
ray.
This
is
probably
going
to
be
nice,
because
now
that
you
have
joined
any
mistakes,
I
do
in
doing
a
managing
github
prs
and
issues
you'll
be
able
to
catch
catch
me.
So
please
correct
me
as
I
go
along
today,
and
I
think
there
is
one
more
person
who
we
haven't
gotten
a
chance
to
get
to
know
if
you
want
to
introduce,
go
for
it.
Otherwise,
it's
it's.
Okay,.
I
Hi
brian
smith,
here
from
bell
canada
just
trying
to
get
caught
up
in
the
kubernetes
environment.
A
So,
let's
see
how
far
we
can
go
I'll
share
my
screen,
let
me
know
the
font
size
and
everything
how
it
looks
for
all
of
you
and
while
we
are
doing
this,
if
possible
and
you're
willing,
if
you
can
add
yourself
as
a
note
taker,
that
would
be
great
great
in
the
meeting
minutes
and
but
if
not,
that's
totally
fine
as
well.
You
can
add
yourself
as
note
taker
here
and
start
taking
notes
and
the
link
on
the
zoom
chat.
A
A
A
Then
there
are
three
sub
projects:
docs,
external
audit
and
tooling.
Each
of
them
have
their
own
directories
and
then
there
are
some
usual
files
that
explain
what
this
is:
security
contacts
so
on
and
so
forth.
And
then
there
is
an
issue
template
here
which
allows
us
to
create
very
specific
issues.
So
there
is
one
for
security
assessment.
So
if
you
look
here-
and
I
go
new
issue-
you
see
that
security
assessment
request
here,
so
that
this
we
are
going
to
create
something
very
similar
for
the
learning
session,
all
right.
A
Security,
tooling,
so
that
would
be
my
issue
and
I'll
go
for
a
description
generally
in
repos
that
are
used
much
more
like
kubernetes
kubernetes.
A
There
is
a
template
for
an
issue
that
you
can
use
instead
of
starting
with
a
blank
one,
but
we
might
end
up
creating
one
for
ourselves
in
the
as
we
see
and
create
more
issues,
we'll
find
patterns
that
seem
like.
Oh,
this
is
a
good
template
to
have
for
future
issues,
and
then
then
we
might
create
one,
but
for
now
it's
just
blank.
A
A
Date,
speaker
link
and
what
else
maybe
meeting
minutes
that
could
probably
be
the
same
one.
So
probably
this
is
good
enough.
So
let's
look
at
preview.
A
I
I
A
A
A
A
All
right,
so
that's
it.
This
would
give
us
an
opportunity
to
explain
what
we
want
to
do,
and
this
is
basically
this
part
is
very
kubernetes
or
specific.
I
see
a
question,
maybe
a
zoom
chat
text.
Let
me
see
maybe
docs
link.
Okay,
oh
yeah!
Maybe
I
missed
another
one:
where
are
the
recordings
for
these
sessions
saved
yeah?
So
this
is
the
link
I
just
copied
it
from.
This
is
the
playlist
I
maintain
for
all
the
recordings,
but
generally
we
also
put
the
recording
links
in
the
meeting
minutes
dock
as
well.
A
Okay
and
then
back
to
here,
so
this
is
a
kubernetes
or
specific
thing
that
we
do
so.
This
is
in
very
simple
terms:
a
special
label
that
you
can
apply
and
anything
starting
with
like
this
slash.
A
If
you
go
here
in
community,
you
will
find
all
these
labels
right.
So
if
I
search
for
sig,
I
think
I
should
find
one
here
and
then,
if
I
keep
scrolling,
this
is
the
security
label.
So
what
this
allows
us
is
create
filters
that
are
easy
to
use
to
filter
out
relevant
issues.
So
that's
why
this
label
will
help
us
if
there
are
other
issues
in
the
same
repo
for
other
sigs,
we
don't
need
to
look
at
them.
We
just
want
to
look
at
maybe
six
security
one.
This
will
help
us.
A
C
A
Yeah,
this
is
sort
of
in
a
way
redundant,
because
the
way
security
repo
is
used
right
now
is
mostly
for
us
sometimes
and
in
future,
maybe
other
people
will
end
up
coming
up
with
issues
that
are
for
different
sick,
so
always
good
to
have
so
area.
Cleanup
sounds
good
to
me,
but
I
want
to
confirm.
A
So
let's
look
at
kind
cleanup.
That
was
someone
I
was
looking
for,
so
it
categorizes
issues
or
prs
for
cleaning
up
code
process
or
technical
depth.
So
this
explain
this
is
sort
of
a
process
related
issue
and
also
maybe
sort
of
a
technical
depth,
because
I
would
should
have
impli
added
this
as
we
had
more
learning
sessions
in
the
past.
So
that's
why
this
would
make
sense
for
me
and
then
we'll
just
submit
an
issue.
A
A
No
good,
first
issue.
I
think
something
like
this.
So
let's
confirm
here
good
first
issue:
yeah
there
you
go
and
then,
if
you
look
at
help,
oh
not
here,
yeah
help
wanted
and
good
first
issue.
So
that's
those
are
the
two.
A
A
So
if
you
have
used
github
in
the
past
for
other
repos,
you
might
be
wondering
why
can't
I
just
add,
label
here
myself,
because
sometimes,
if
your
admin
of
repo,
you
can
add
labels
using
this
ui
and
you
get
a
setting
here
called
like
a
wheel
icon
where
you
can
add
your
labels
so
because
not
all
of
us
are
kubernetes
admins.
In
fact,
very
few
people
in
the
community
are
kubernetes.
Admins,
we
can't
use
that
wheel
icon
to
add
labels.
A
So
that's
why
this
allows
us
to
add
labels,
even
if
we
are
not
admin,
but
because
this
robot
accepts
known
and
established
labels,
we
are
not
able
to
add
any
random
label
that
we
want.
So
that's
sort
of
thing
that
github
admins
have
implemented
that
has
allowed
us
to
do
something
like
this
make
sense.
A
Okay,
so
we
did
the
first
part
now.
The
second
is
creating
a
github
issue,
template
which
would
basically
allow
people
to
propose
different
sessions
that
they
want
to
do
in
future
as
part
of
our
tooling
learning
sessions.
A
So
let's
go
here
and
we
have
a
issue
template
here.
I
just
wanted
to
show
it
to
you
before
we
finish.
So
this
is
what
it
looks
like
generally.
This
is
the
metadata
name
about
title
labels
signing
and
then
there
are
a
list
of
questions
that
you
get
to
ask.
So
this
ends
up
becoming
a
issue
template
and
we
look
at
it.
How
it
looks
like
here.
A
They
will
show
they
have
not
shown
up
here
interesting.
We
may
need
to
dig
deeper
on
that
later
and
then
for
name
about
and
the
other
questions.
Those
have
all
showed
up
here.
So
if
you
go
here,
these
questions
have
showed
up,
and
the
name
is
the
name
for
the
issue.
Template
and
about
explains
what
the
issue
template
is
supposed
to
do.
So
if
you
go
here,
this
is
the
name-
and
this
is
the
about.
A
Right
makes
sense,
so
that's
what
it
actually
does
and
if
I'm
not
wrong
the
labels
get
applied
after
the
issue
is
created
automatically.
So
let's
look
at
one
example
right
here,
so
this
was
created
by
somebody
who
wants
a
security
assessment
and
after
they
submitted
it,
this
was
automatically
added.
A
So
that's
how
we
know
this
is
a
security
assessment,
and
we
also
know
that
this
belongs
to
seek
security
and
then
they
could
have
added
another
c
if
they
wanted
to,
if
it's
relevant,
for
them
make
sense.
A
Okay,
please
interrupt
me
anytime,
you
want,
but
if,
if
you
don't
interrupt
me,
I'm
assuming
you're
getting
everything
and
I'm
explaining.
C
Yes,
just
a
quick
question,
I'm
just
wondering
in
terms
of
workflow,
I
see
in
the
communities
kubernetes
project.
There
are
quite
a
lot
of
issues
with
the
six
security
level.
Yes
like.
How
does
that
work
basically,
and
is
there
some
kind
of
trade
that
goes
on
from
the
communities,
a
repo
that
goes
to
the
security
one.
A
Right
so
few
things
happen
and
ray
might
be
able
to
explain
better
I'll
try.
First
generally,
the
kubernetes
or
members
are
aware
of
these
labels
that
we
just
looked
at,
so
we
are
able
to
look
at
an
issue,
for
example,
and
then
figure
out.
Okay,
this
label
might
be
more
relevant
for
this
issue
or
a
pr.
A
Sometimes
we
as
six
security
members,
also
look
at
an
issue
and
appears
things
that
this
might
be
relevant
to
us,
and
then
we
just
add
in
a
comment
to
that
issue
or
appear
with
the
label
seek
security
and
once
it's
added,
then
it's
allow.
It
allows
us
to
look
at
it
in
future
and
also
get
attention
of
other
people
who
are
in
six
security
or
interested
in
the
work
that
we
are
doing
in
six
security.
So
that's
typically
how
it
works.
C
So
let's
say
you
know,
I'm
someone
who
wants
to
contribute
to
sex
security
issues.
Basically,
do
I
need
to
go
to
the
communities,
kubernetes
repo
and
look
at
six
security
issues,
or
is
it
expected
more
to
start
from
the
security
ripple,
because
the
issues
there
maybe
have
been
more
groomed
or
trash?
First.
A
Yeah
I
mean
so
first
first,
maybe
the
best
thing
is
to
join
these
kind
of
meetings,
especially
the
one
where
we
do
a
working
session.
So
this
the
next
meeting
for
tooling,
would
be
a
working
session
where
we
discuss
different
issues
that
we
are
working
on.
We
want
to
work
on,
and
then
I
know
some
folks
in
the
past
have
picked
up
issues
from
those
meetings
and
worked
on
it.
Another
option
of
that
you
can
do
a
sync
is
following
this
project
tracker.
A
A
Some
of
them
are
being
worked
on.
So
if
something
is
in
progress,
you
can
start
looking
at
it
and
if
you
want
to
add
comments
or
want
to
add
reviews,
you
can
do
it
same
thing
for
anything
ready
for
review.
This
column
is
mostly
really
for
our
coaches,
who
we
need
basically
their
eyes
to
get
it
approved
and
merged,
but
anything
else
in
to
do
in
progress.
A
All
right
cool!
Thank
you,
neha!
Oh,
so,
let's
continue
here
security
assessment
md
this
is
done
so
now.
I
think
we
can
create
another
quick
issue
that
explains
what
we
want
to
do
for
the
template.
So
let's
go
ahead,
create
a
template
for.
A
So
this,
I
think
for
me
personally.
The
reason
I
want
to
do
this
is
in
the
past.
People
have
reached
out
to
me
or
I've
reached
out
to
people.
I
know
who
to
give
learning
session,
and
that
really
creates
like
a
bubble
for
for
me,
where
anyone
who
doesn't
know
me-
or
I
don't
know
that
person
I'm
not
able
to
reach
out
to
them
for
a
learning
session,
so
this
being
out
in
the
open
anybody
in
the
entire
community
can
come
up
and
say
hey.
A
I
want
to
do
a
learning
session
and
then
it
gives
everyone
an
opportunity
and
then
sort
of
an
equal
footing
to
explain
what
they
want
to
explain
and
give
value
and
create
value
for
the
community
by
sharing
what
they
know.
A
J
Actually,
yes,
who
is
who
is
managing
the
tracker.
A
I
all
of
us
in
the
chairs
and
the
tls
generally
keep
track
of
it.
By
tls
I
mean
the
sub
project
owners,
but
really
like.
If
you
feel
like
you,
want
to
add
something
on
the
tracker,
I
don't
think
it
will
be
hard
to
add,
and
if
you,
if
you
can't
add
it
in
the
project
board
itself,
the
best
way
would
be
just
labeling
security
for
an
issue
or
a
pr
that
you
see
might
be
relevant
or
you
want
to
work
on
and
then
periodically.
A
We
keep
track
of
some
repos
like
community
website,
kubernetes
repo,
seek
security,
repo
test
infra
and
look
for
all
the
issues
and
prs
that
are
relevant
for
that
for
our
sig,
which
is
label,
seek
security,
and
then
we
pull
in
those
into
these
different
columns
based
on
the
progress
so
that
people
have
more
visibility
into
it.
A
There
is
very
little
automation
in
terms
of
like
if
something
gets
merged
that
goes
automatically
and
done
from
in
progress,
hopefully,
potentially
in
future,
we
can
do
more
automation.
While
we
are
on
that
topic.
There
is
another
tracker
for
kubernetes
six
org.
A
We
haven't
added
a
in
review
or
ready
for
review
column
yet
and
since
there
are
haven't
been
really
any
umbrella
issues
in
this
org,
we
just
have
to
do
in
progress
and
done,
and
these
these
basically
are
the
things
that
we
have
worked
on
and
want
to
work
on.
I
there
is
clearly
very
fewer
issues
in
this
org,
but
doesn't
mean
in
future.
We
might
have
the
same
number
of
issues.
We
could
add
more
based
on
how
things
look
like
so
this
these
both
these
trackers
are
good.
A
If
you
want
to
take
a
look
at
things
all
right
so
back
here-
and
I
think
one
caveat
I
wanted
to
add
here-
is
no
vendor
pitches,
no
sales
meetings-
or
this
will
be
only
for
topics
related
to
kubernetes
security
and
community
projects.
A
A
Okay,
cool
sounds
good.
What
we
can
also
do
to
confirm
whether
the
labels
are
right
is.
We
may
have
had
a
similar
pr
or
an
issue
when
we
created
the
security
assessment
template.
So
we
can
take
a
look
at
that
and
see
what
labels
were
applied
to
that.
So
we
go
here.
Number
five
is
the
pr,
and
this
is
what
let's
see:
okay,
this
is
the
umbrella
issue
and
seek
security
label.
Okay,
that
sounds
good
and
then
rest
of
it
is
good
okay.
A
Okay,
so
we
have
five
ten
minutes
more
nine
minutes
more.
I
think
we
might
be
able
to
get
a
draft
pr
in
place
for
this
issue
template
so
let's
create
that
for
now
and
then
for
the
other
one
I
might
actually
label
it
as
help
wanted
or
good
first
issue.
So
if
somebody
who
was
in
the
meeting
today
and
wants
to
work
on
it
just
add
a
comment
with
saying
you
want
to
work
on
it
on
that
issue
and
then
you
can
basically
start
working
on
it.
A
If
and
if
not,
somebody
else
might
pick
it
up
and
they
might
start
working
on
it,
but
the
issue
template
is
something
we
could
probably
do
so.
Let's
start,
I'm
gonna
copy.
The
issue
template
from
here.
A
A
Meeting
and
then
we
can
go
and
say
title
request:
security
assessment
for
security
tooling,
so
we
can
go
back
here
and
do
this
area
is
maybe
security,
maybe
not.
I
think
this
is
fine
security
and
then
a
sign
is
we'll
keep
it
blank
for
now
is
this
so
now
the
questions
will
be
different
here.
So
let's
start
with
that,
maybe
tell
us
a
bit
more
about
the
topic
you
want
to
present
and
then
here
we
can
add
the
caveat
that
hey
this
can't
be
a
vendor
page
and
stuff
like
that.
A
Will
be
accepted
or
maybe
host
it?
This
is
general
policy
of
the
community
that
we
don't
want
to
really
have
this
kind
of
content
in
the
community,
but
really
make
it
a
community
for
all
of
us
and
who
get
to
present
things
that
are
going
to
benefit
the
community
instead
of
a
specific
company,
including
my
own
company.
A
A
C
Dude-
and
we
also
have
like
the
converse-
some
topics
that
maybe
the
community
is
interesting
to
hear
about-
or
maybe
things
like
we're
interesting
to
hear
about
someone
who
did
the
migration
from
pot
security
policies
to
port
security
admission
or
it
mostly
the
other
way
around.
A
Yeah,
I
think
that
would
be
a
good
thing.
I
agree
potentially
another
issue.
Template
might
be
worth
it
for
it
or
we
can
use
the
same
issue.
Template
saying:
are
you
proposing
or
are
a
topic
or
do
you
want
to
present
for
now?
A
Maybe
if
you
have
things
you
want
to
listen
or
hear
from,
let's
go
with
slack
if
you're
on
slack,
you
can
based
on,
like
your
preference,
dm
me
or
send
a
message
on
the
public
channel
and
say
I
would
like
to
hear
or
learn
from
folks
on
these
topics
and
then
if
people
are
available,
if
I'm
able
to
explain
I'll,
do
it
if
some
other
folks
are
available,
we'll
bring
somebody
who
can
talk
about
it
more
and
if
we
get
good
feedback,
and
this
seems
like
something
people
want
to
do
more
and
more,
we
can
either
update
this
issue
template
or
we
can
add
another
one
sound
good.
A
A
Allow
community
members
to
shine
focus
shine,
light
on
their
work
throughout
the
kubernetes
community.
Read
more
about
our
chatter
here.
If
you
have
any
feedback
about
this
process,
please
leave
a
comment.
Maybe
not
this
one
and
thanks
for
reaching
out
so,
let's
look
up
to
preview,
propose
learning
session
request
a
learning
session.
A
This
is
looking
good,
I'm
just
going
to,
though,
maybe
create
a
draftful
request.
Also,
we
are
running
out
of
time,
so
I'll
pause
now.
A
Hopefully
this
was
helpful
for
everyone
who
joined
I'm
missing
the
zoom
window.
Where
is
it?
But
okay,
let
me
try
again
yeah.
A
Okay,
there
you
go
okay,
so
hopefully
this
was
helpful,
talk
to
you
next
time
and
reach
out
on
slack.
If
you
have
any
questions,
thanks,
pushkar
thanks
all
right,
bye.