►
From YouTube: July 22, 2021 - Ortelius Architecture Meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
A
So,
for
me,
my
mouse
just
locks
up
randomly
over
when
I'm
on
over
a
web
page
makes
it
hard
so
just
to
kind
of
wrap
up
some
of
the
stuff
cars.
You
got
the
the
swagger
in
place,
which
is
great.
I've
incorporated
that
into
the
front
end,
so
that
is
coming
along
pretty
good.
The
I
do
need
to
one
of
the
things
I
realized
I
needed
to
do
the
way
the
swagger
api
works
is
to
host
basically
serve
up
a
page
instead
of
json.
A
A
And
then,
on
the
the
cve
part
that
part
the
microservices
on
the
back
end
are
looking
pretty
good.
I
did
change
them
up
slightly
to
follow
more
along
the
same
lines
that
akarsh
did
for
the
swagger,
so
made
made
a
slight
change
to
those
microservices
to
be
a
little
more
consistent.
It's
when
we
first
started.
We
had
a
different
plan
in
mind,
but
this
the
kind
of
like
a
dynamic
design
here,
the
readme
for
the.
A
That's
being
added
to
so,
in
the
same
token,
as
the
swagger,
the
readme
file,
that
we
pick
up
out
of
the
git
repo.
So
when
we
have
a
python
program,
that
is
what
it
does
is
basically
say
our
cli
interface.
A
A
It
actually
is
part
of
the
open
source
side.
That's
one
of
the
things
I
have
to
figure
out
is
how
we
can
go
about
deprecating
the
deploy,
hub1
and
replacing
with
the
ortelius
one,
but
basically
it
is
allows
us
to
do
a
couple
different
actions.
One
of
the
actions
is
to
update
a
component.
A
So
you
can,
we
can
see
like
the
readme
here,
I
haven't,
pushed
out
the
latest
code
for
the
swagger
piece,
but
it's
in
my
my
testing
side
of
things
so
the
this
basically
python
command
line,
which
fits
into
your
jenkins
pipeline,
really
easy,
basically,
as
a
shell
command
or
we
do
have
a
full
jenkins
library,
groovy
library,
but
that
is
if
you
want
to
do
more
more
coding
and
be
have
a
little
more
flexibility.
So
it's
kind
of
like
a
trade-off.
A
A
Come
on
so
it
is
mainly
in
the
deploy
hub
directory.
This
is
where
the
api
library
is
the
basic
of
this.
This
does
all
the
restful
api
calls
that
we
need
to
make.
So
if
we
need
to
like
log
in
it
wrappers
the
login
for
us.
So
this
is
where
we
start
interacting
with
the
microservices
for
like
the
swagger
and
the
readme.
A
So
one
of
the
things
that
we
actually
do
is
we
go
and
look
to
see
if
a
a
readme
exists
for
the
repo
we
grab
it
and
we
push
it
up
through
the
the
microservice
on
the
back
end,
which
stores
it
into
the
database
and
then
from
there.
A
We
render
it
using
a
different
couple:
javascript
library,
so
the
the
swagger
gets
rendered
with
the
the
swagger
js
code
and
the
readme
there's
a
plugin.
I
found
that
will
translate
markdown
into
a
render
renderable.
You
know
html
code,
both
of
them
work
really
nice,
because
all
we
have
to
do
is
provide
a
basically
a
document
tag
where
we
want
the
html
pulled
in
so
that's
kind
of
what's
happening
on
those
two,
the
cve
front.
C
Yeah
so,
as
you
told
what
I
have
done,
given
a
image
name
of
the
docker
file,
I
can
scan
all
the
dependency
that
was
used
in
the
docker
file
so
and
after
scanning
that
will
create
a
that
will
generate
two
files.
C
Basically,
so
one
of
them
is
like
all
the
s-bom
materials
and
the
other
one
will
be
cbe5,
so
the
next
task
will
be
to
copy
all
those
generated
files
to
the
host,
so
that
is
done
so
currently,
I'm
just
looking
into
if
I
have
to
use
docker
pull
or
something
because
I
don't
know
like
how
you
you
know,
build
those
docker
files
in
the
production
environment.
A
Yeah,
so
it's
the
two
tools
that
we
started
out
was
cyclone
dx
for
python.
B
A
What
was
the
other
one?
Safety.
C
A
So
these
two
scanning
tools
allow
us
to
grab
that
information
as
part
of
it
out
of
the
image
and
the
tricky
part
that
we
ran
into
on
that
front.
Is
we
don't
know
what
somebody's
image
we
can't
hook
into
the
build
part?
We're
gonna
assume
during
the
pipeline
process
that,
when
we're
back
in,
let
me
bring
up
the
jenkins
pipeline
real
quick.
A
Yeah,
so
this
is
kind
of
a
the
typical
interface
between
artelius
and
the
the
jenkins
pipeline.
So
this
is
calling
that
command
line
program.
I
was
talking
about
the
the
one
we
were
just
looking
at,
so
this
is
the
python
program
where
we
go
and
passing
in
all
the
attributes
to
update
here's
the
readme
getting
passed
in.
A
So
when
we
do
a
docker
build,
you
know
a
company's,
not
gonna,
allow
us
to
manipulate
their
their
docker
build
file,
so
we
let
them
go
ahead
and
do
their
typical,
build
and
grab
it
do
that
type
of
information.
Now.
What
we'll
do
here
is
we'll
put
in
right
before
this
step
being
able
to
scan
use
utkar's.
A
Pro
golang
program
to
go
ahead
and
scan
the
image
that
was
was
built
and
what
this
gives
us.
The
ability
is
to
really
look
at
an
image
and
not
be
dependent
upon
a
docker
build.
So
we
could
do
that
at
the
time
of
creation
so
like
when
we're
doing
here
or
if
we're
going
to
actually
deploy
you
may
build
today
they
may
deploy
tomorrow
in
this
jenkins
file.
A
I
do
it
back
to
back,
so
I
do
the
build
and
then
the
deploy,
but
the
the
deploy
step
may
come
down
the
road
and
that's
where
we
would
actually
add
in
the
scan
here
when
we
go
and
deploy.
We
know
what
image
version
network
we're
deploying
and
we
pull
pull
that
scan
at
that
time.
So
we
have
a
couple
options
here,
but
that's
how
it's
going
to
fit
together
as
part
of
this
process.
A
Basically,
it's
a
dependency
graph
of
what's
in
the
container
image,
now
some
of
the
thing,
some
of
the
other
scanning
tools
that
we'll
probably
need
to
add.
A
We
need
trivi,
I
know
if
any
of
you
have
heard
of
that.
One
trevi
does
like
rpms
impact
and
what
is
it
deb
files
wn
files
and
then
we
need
to
find,
I
think,
there's
cyclone.
A
A
For
net
microservices
and
probably
golang
as
well,
those
those
seems
to
be
the
the
top
ones
for
now.
A
So
the
this,
the
little
scanning
wrapper
that
we
made.
It
is
just
a
starting
point,
so
we'll
continually
build
a
build
upon
it
as
per
that
process
and
it'll
allow
us
to
really
get
deep
into
the
dependencies.
So
what
we'll
end
up?
Having
is
when
we
do
a
build.
So
if
I
go
back
over
to
my
build
here,
I'm
building
a
new
component
version.
A
So
it's
coming
along
really
nicely
great
job
udakash
and
it's
like,
I
said,
we'll,
keep
on
adding
to
it,
but
for
now
we're
gonna
kind
of
solidify
around
python
and
maybe
the
trivi
as
a
starting
point.
This
does
produce
a
lot
of
data.
C
Yeah,
so
actually
I
tried
with
a
couple
of
more
commands,
so
we
can
execute
any
number
of
commas
there
to
generate
like
whatever
we
want.
A
Oh
nice,
and
we
need
to
put
in,
is
it
a
different
cyclone
library
that
we
need
to
install.
C
A
Yeah,
so
if
you
look
at
the
it's
a
little
bit
tricky
to
find.
A
Yeah,
so
so
all
this
is
around
a
area
called
s
bomb
software,
build
materials,
and
so
cyclone
dx
and
spdx
are
the
two
main
open
source
projects.
I
found
that
focus
on
gathering
license
and
cve
information
more
more
so
around
the
license
side.
A
So
if
you
go
to
the
tool
center
off
of
here,
you'll
see
the
different
you
know
plug-ins.
So
here's.
A
This
is
the
one
that
we
would
I
and,
and
the
weird
part
is
it
comes
in
two
flavors
one
is
to
generate
the
s-bomb
file,
so,
like
spdx,
has
a
certain
file
that
you
associate
with
a
package
so
they're
trying
to
standardize
on
the
tags
that
you
use
to
describe
a
package.
A
So
there
you'll
you'll
run
into
some
tools
that
will
look
at
your
code
base
and
generate
those
for
lack
of
a
better
word
configuration
files
for
the
s-bom
or
s-bom
definition
files
and
then
there's
the
second
side,
which
is
actually
scanning
the
tool.
The
the
code
base-
and
I
think
we
use
this
one
here.
Cyclone
dx
for
python
was
the
one
that
we
are
are
using
to
grab
that.
C
A
Yeah,
so
when
you're
looking
at
this
page,
you
know
just
be
aware
that
some
of
it
is
for
scanning,
and
some
of
it
is
for
actually
getting
it
set
up.
A
So
like
this
one,
the
cyclone
dx
for
co
go
and
this
one
you
actually
have
to
go
and
look
at
what
the
the
tools
are
doing
to
understand
under
the
covers,
if
they're,
if
they're
a
scanning
tool
or
if
they're
a
setup
tool
so
and
there's
going
to
be
other
ones
like,
I
did
try
dependency
track
at
one
point,
but
it
wasn't
giving
some
of
the
detail.
A
I
was
looking
for
it.
The
weird
part
is
none
of
the
tools
that
I
found
so
far.
Actually
do
everything
all
at
once.
So
there's
pieces
like
the
the
cyclone
dx
for
python,
will
scan
for
all
the
licenses,
that
is
in
your
python
code,
but
it
doesn't
scan
for
the
cves
so
because
of
that
we
had
to
bring
in
safety,
which
is
a
python
module
that
will
scan
for
cves
at
that
level.
So
we're
going
to
have
a
mix
of
tools.
So
if
you
run
across
the
tool,
that's
a
good
scanning
tool.
A
Put
it
out
on
the
github
issues
that
you
found
it,
because
it's
it's
really
a
quest
for
these
tools
to
figure
out
how
we
can
bring
them
in
and
leverage
them
into
ortilius.
A
Okay,
oh
it
switches
over
so
looks
like
we
have
a
something
new
that
has
dropped
in
today.
Steven
you
want
to
kind
of
introduce
yourself
and
let
us
know
what
you're
interested
in
and
we
can
kind
of
introduce
you
to
the
group
and
kind
of
what
we've
been
up
to.
D
Hi
yeah
stephen
curry,.
D
Got
a
bit
of
a
background
in
sre,
so
I'm
kind
of
just
really
just
on
here
right
now,
just
learning
honestly
about
this
process
and
stuff.
So
I'm
just
just
happy
to
be
here
really.
A
All
right
are
you
into
interested
in
like
doing
any
coding
or
just
focusing
on
devops
or
just
kind
of
hanging
out
and
watching
or.
D
Just
a
little
busy
at
work
right
now
so
but
yeah
anything
I
can
do
to
help.
I've
got
no
problem
with
okay.
A
Yeah,
what
we
try
to
do
just
an
overall,
we
try
to
give
the
tasks
to
be
relatively
small,
and
then
we
just
build
upon
those.
So
it's
not
like
a
task
is
gonna.
Take
you
40
hours
to
work
on
or
anything
like
that.
We
try
to
keep
them
small
to
you
know
under
you
know,
from
one
hour
to
eight
hours
is
what
we
try
to
work
on.
A
So
we
don't
suck
up
everybody's
time,
and
then
we
split
that
out
across
the
people
that
are
interested
in
doing
and
and
help
out,
which
time
zone
are
you
in
central?
Okay,
all
right.
A
So
for
you,
if
you're
interested
there
is
our
australian
group,
we
meet
at
4
30,
so
it'd
be
5
30
central
time
on
thursdays
so
and
the
australian
working
group
has
been
working
on
git
ups
around
how
to
integrate
ortelius
into
the
get
ops
model
and
they're
focusing
on
argo
right
now.
So,
if
you're
interested
in
that,
there
will
be
a
second
meeting
today
at
5
30
central
time,
all
everything's
recorded.
A
So
it's
not
like
a
requirement,
but
just
to
let
you
know
that's
happening
out
there.
On
the
that
group,
I
got
a
message
from
brad
mccoy
who
is
running
that
group
and
he
said
they
made
some
interesting
finds
around
the
argo,
what
they
call
application
sets
and
how
that
may
simplify
the
the
yamas
spread,
the
manifest
spread
on
the
get
op
side.
A
So
they
do
have
a
working
argo
set
up
that
they're
playing
with.
So,
if
you're
interested
in
that
that's
what's
happening
down
down
under
so
all
right,
let's
see
so
the
next
things
that
we
have
basically
we're
wrapping
up,
I'm
pulling
together
the
the
front
end
piece
pulling
in
the
cve
and
licenses
into
that
process
and
just
wrapping
up
some
of
the
swagger
pieces.
So
let
me
see
if
I,
if
it's
running
so
I
can
give
you
a
quick
demo.
A
So,
just
to
give
you
a
little
background,
the
artillious
is
is
still
in
the
monolith
world
it.
Actually
all
the
new
code
is
being
done
in
in
microservices,
so
we
actually
are
a
hybrid
type
of
application.
A
A
So
because
of
that,
the
the
monolith
piece
is
all
written
in
in
java
and
it
runs
under
tomcat
all
the
new
micro
surface,
arrows
that
we've
started
with
are
python
flask
and
trying
to
keep
those
pretty
small
a
couple
hundred
lines.
Long.
A
So
here
is
the
swagger
pieces
that
we've
I
just
put
in
as
some
dummy
swagger
pieces,
but
so
we
have
the
whole
swagger
ui,
so
you
can
interact
with
it
and
do
your
you
know,
try
it
out
and
things
like
that.
So
that
is.
A
You
know
live
right
there
inside
of
inside
of
the
component
version
here.
So
one
of
the
nice
things
that
we're
doing
is
the
swagger
is
being
versioned
along
with
the
the
component,
so
as
the
swagger
updates
and
they
change
the
contract,
we'll
be
able
to
actually
distinguish
that.
There's
been
a
contract
change
in
let's
say
like
one
of
the
parameters
or
something
like
that,
so
that
will
be
available
to
us
down
the
road
to
leverage
you
can
see
here.
A
If
we
should
list
every
single
package
and
every
single
cve
or
if
we
should
just
list
the
the
cves
that
are
you
know
in
the
container
and
and
then
like
drill,
do
a
drill
down
if
you
want
to
see
which
packages
are
affected
by
that.
So
that's
one
of
the
things
I'm
going
back
and
forth
on
from
our
front-end
side
is
being
able
to
because
we
have
the
data
showing
you
know
which
exactly
which
package
is
there,
but
like
a
simple
hello,
world
node.js
program
has
1500
packages.
A
If
you
just
take
it
a
default,
node.js
install
so
a
lot
of
data
that
we
end
up
gathering
on
that
that
level.
So
one
of
the
things
that
we
will
do
once
we
have
the
cves
and
licenses
at
this
level,
we'll
actually
roll
those
up
to
the
application
level.
So
application
versions
are
made
up
of
component
versions
and
then
from
there
we
can
actually
see
you
know
what
are
all
the
cves
across
all
the
components
that
my
application's
consuming
and
what
are
all
my
licenses
that
I'm
consuming
for
this
application
version.
A
So
you
know
like
one
of
the
things
that
happened
when
we
joined
the
cd
foundation
is
we
had
to
provide
a
list
of
all
of
our
licenses
to
the
cd
foundation
here?
It's
just
a
simple
point
and
click
and
we're
good
to
go
instead
of
having
to
comb
through
source
code
to
get
that
list.
A
So
that's
kind
of
where
we're
at
it's
coming
along.
I'm
gonna
try
to
wrap
up
a
lot
of
this
in
the
next
week
or
two,
so
we
will
be
able
to
have
a
new
release
here
shortly
and
then
we
get
to
move
on
to
component
sets
and
the
get
ops
piece.
It
looks
like
the
the
australian
group
will
be
pretty
close
to
giving
us
some
design
direction
on
where
we
need
to
go
with
git
ops,.
A
Moved
it
out
yet
so
the-
and
this
is
like
small
little
stuff,
that
we'll
add
in
the
the
ortulia
stocks.
All
of
our
documentation
is
in
markdown
that
is
rendered
through
a
hugo
server.
So
you
know
like
adding
in
the
detail
about
the
components.
A
It
literally
is
just
updating
a
markdown
at
that
level,
so
we'll
have
a
bunch
of
issues
that
will
create
around
the
documentation
and
updates.
Usually
these
are
you
know
no
more
than
a
half
hour
to
to
do,
but
you
know
things
get
scattered
across
all
the
different
chapters.
So,
if
you're
interested
in
just
doing
some
real,
simple
stuff
doing
some
documentation,
update
would
be
definitely
appreciated,
but
we'll
I'll
you'll
see
issues
that
come
about.
I
think
that's
it.
A
Alrighty
lukas,
I'm
gonna.
I
have
a
couple
meetings
back
to
back
this
morning
and
then
I'll
go
ahead
and
look
at
your
coding
changes.
C
A
So
I'll
get
to
that
this
morning
as
soon
as
possible,.
C
B
B
A
B
Month
here,
why
is
that?
Looking
like
that?
Okay,
so
today
is,
let
me
start
over
today.
Is
the
22nd.
So
next
week
would
be
the
27th
that's
on,
and
then
the
next
architecture
meeting
should
be
thursday
august
the
5th,
and
it
is
scheduled,
so
the
architecture
meetings
will
remain,
but
the
general
community
meetings
and
the
outreach
meetings
are
being
cancelled
for
august
to
slow,
slow
things
down,
and
the
purpose
of
the
architecture
meetings
is
just
to
get
this
documentation
and
done,
and
the
release
out.
A
Yeah
all
right,
perfect.
Well,
thank
you,
everybody
for
your
your
help
and
dropping
in
today,
and
if
you
have
any
questions,
let's
post
them
out
on
discord
and
we'll
chat
there.
Thank
you
thanks.