►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
B
As
we
know,
we
have
released
the
hubble
version
1.10
in
by
the
end
of
the
last
year,
and
there
is
a
new
feature:
plugin
scanner
introduced
in
this
release
and
with
literally
we
with
this
feature
cover
users
can
have
more
options
to
scan
their
container
images,
and
today
we
will
have
two
plugin
scanners
to
to
to
show
one
is
from
daniel,
patrick
daniel
pi
kik
from
aqua
to
introduce
their
csp
for
hubble
containers,
plugin
scanner
and
the
second
scanner
plugin
is
from
from
dusak
to
introduce
their
implementation
of
a
plugin
scanner.
B
And
finally,
we
will
introduce
the
hubble
community
meeting
and
meet
up
in
2020
february,
shanghai,
okay,
let's
please,
let's
mankind
to
introduce
the
progress
of
the
oci
registry.
When
kai.
Could
you
please
take
control
of
the
screen.
B
C
First,
some
background
for
the
ocean
works.
There
is
a
distribution,
spec
define
the
standard
that
the
the
container
registry
should
implement.
Currently
most
of
the
container
registries
can
store
and
manage
only
the
docker
images,
but
kitchen
and
services
typically
require
additional
artifacts
to
deploy
and
manage,
such
as
hamtard
cnam
and
all
others.
C
Utilizing
the
manifest
and
index
technicians
of
the
dispute
distribution
spec.
The
container
registry
can
be
used
to
store
and
manage
all
these
artifacts.
There
are
artifacts
that
follow
the
spec
accord.
All
set
artifacts
harbor
is
about
the
implementation
of
the
distribution
spec.
So
the
wholesale
work
of,
however,
is
that
we
will
recover
to
be
able
to
manage
any
kind
of
osa
artifact.
C
This
is
a
background
for
the
development
centers.
The
ui
design
is
finalized
and
the
development
work
is
started
for
the
backhand
side.
The
registry
handler
and
artifact
module
is
almost
done.
The
basic
pushing
pulling
workflow
works
now
when
are
pushing
image
image
list
or
hem
chart
into
hardware.
The
metadata
can
be
abstracted
and
stored
in
database.
C
So
during
the
development
works,
the
code
on
mass
branch
may
be
broken.
So
if
you
do
some
work
based
on
that,
you
should
notice
this.
Maybe
next
committee
meeting
we
can
do
some
basic
demo
for
the
oss
sporting
based
on
the
ips.
C
D
D
So
just
a
little
bit
of
context
for
those
of
you
who
don't
know
so
we
wonder
we
enabled
the
configuration
of
additional
scanners
to
the
default
clear
right.
So
at
aqua
we
implemented
two
additional
image
scanners:
one
is
3d
which
is
based
on
our
open
source,
3d
scanner
and
another
one
is
for
aqua
csp.
Of
course,
csp
is
a
product
which
is
not
only
for
scanning
but
also
runtime
protection,
so
we
are
enabling
its
scanning
capability
directly
into
the
hardware.
D
So,
according
to
the
specification,
we
provide
the
adapter
which
implements
the
scanner
api,
and
you
could
see
that
I
have
already
installed
the
adapter
on
my
vm.
What
is
important
for
the
adapter,
all
the
installation
guides.
Readme
prerequisites
are,
I
think,
well
documented.
In
enrique
we
have
actual
customers
using
it
and
opening
support
tickets.
Most
of
those
are
related
to
the
configuration
and
setup,
but
that's,
I
would
say,
battle
tested,
but
some
of
them
and
we
provide
the
helm,
chart
installation.
So
it's
pretty
easy.
You
just
need
to
know
the
you
know.
D
Obviously
you
need
the
license
for
the
aqua
csp
product
in
order
to
run
it,
but
we
also
require
you
to
specify
some
additional
information
about
the
registry,
an
aqua
registry
username
and
password,
as
well
as
a
aqua,
csp,
console
and
username.
Those
are
documented
and
everyone
who's
using
and
deploying
our
coin
production
should
have
those
credentials
from
from
the
aqua
documentation
or
it's
part
of
the
installation
package
right.
D
So
once
we
install
the
the
the
adapter
it's
like
for
other
scanner
adapters,
the
the
rest
endpoint,
which
is
intermediary
between
hardware
and
the
aqua
csp
product
under
the
covers
we
are.
D
The
integration
is
pretty
similar
to
3d,
because
there
is
a
scanner,
cli
binary
executable
that
we
are
spawning
as
a
process
within
the
adapter
container
in
order
to
submit
trigger
the
scan
and
submit
the
results
all
right.
So
I
think
when
it
comes
to
the
installation
and
setup,
that's
it.
D
The
most
important
thing
is
to
have
the
dedicated
user
for
scanning
and,
as
you
can
see,
I
have
already
created
the
scanner
user
and
it
needs
a
role
he's
granted
the
scanner
role
and
another
thing
in
order
to
enable
the
scanning
and
pluggable
scanners
experience
is
the
integration
with
hardware.
So
we
also
have
the
the
hardware
registry
integrate
and
configured
here.
I
could
also
test
that
connection.
My
setup
is
at
https
core
hardware
domain,
whereas
my
console
is
accessible
at
at.
Let
me
see.
D
My
console
is
accessible
by
default
at
this
at
this
url
right,
as
I
said
in
the
beginning,
I
have
all
the
software,
including
the
aqua
csp
product,
the
aqua
scanner
adapter
and
the
hardware
itself
deployed
to
mini
locally.
So
now,
as
you
might
know,
we
could
choose
the
given
adapter
as
a
default
one.
So
whenever
we
go
select
a
repository
and
the
project,
I'm
always
double
checking
here
yeah,
it's
also
aqua
csp
here,
inheriting
the
default
setup.
D
I
think
we
are
on
the
very,
I
think,
we're
just
logging
the
errors.
So
it's
not
verbose
output,
but,
as
you
can
see,
this
scan
succeeded
and
we
have
the
list
of
vulnerabilities
that
acquire
csp
found
displaying
hardware
ui
and
we
can
try
with
some
other.
Let's
say:
let's
count
jenkins,
just
to
show
you
that,
on
top
of
scanning
the
operating
system
packages,
we
could
also
scan
application.
Dependencies
jenkins
is
implemented
in
java
and
it's
using
lots
of
apache
commons
and
other
third-party
application
dependencies.
A
While
that's
happening,
danielle
does
trivia,
also
scan
java
packages,
or
is
this
a
specific
feature
to
csp,
since
that's
your
bigger
platform.
D
3D
does
support
application
dependencies
scanning.
Unfortunately,
currently
we
do
not
support
the
java,
but
we
support
npms,
I
believe,
ruby
on
rails,
but
we
are
planning
to
integrate
it
very
soon,
but
for
the
java
applications
you
only
this
capability
is,
is
only
with
a
commercial
aqua
csp
right.
So,
as
you
can
see,.
D
We
we
could
find
some
of
the
operating
system
packages.
Unfortunately,
when
we
defined
the
scanner
api
we
didn't
distinguish
from.
You
know
application
dependency
package,
so
they
are
both
displayed
here
and
maybe
sometimes
hard
to
find,
but
you
can
tell,
for
example,
here
right.
This
vulnerability
is
pointing
to
the
webinth,
so
the
standard
location
for
war
files
for
those
who
know
java.
So,
as
you
can
see,
there
is
a
jenkins
score
and
we
found
the
vulnerability
right.
E
D
Yeah,
so
I
think
that's
it.
If
you
have
any
questions,
one
maybe
last
comment
all
the
scans
that
we
triggered
from
hardware.
We
could
also
check
in
the
in
the
console
right
here
right
so
aqua
csp
has
its
own
vulnerability
reporting,
which
is,
let's
say
more
advanced,
because
because
you
could,
you
know,
display
vulnerabilities
by
layer
by
resource
and
some
other
features,
but
just
to
let
you
know
that
that
we
could
see
them
in
both
places
right
so
yeah,
that's
it
from
my
side.
A
A
Now
that
that's
perfect,
thank
you.
Thank
you,
first
of
all
for
for
the
work
that
you
guys
did
and
spearheading
this
effort,
and
this
is
great
integration,
we'll
have
to
see
more
and
more
things
coming
from
from
from
your
side
of
the
world
and
aqua.
Thank
you,
yeah.
Thank
you.
B
B
F
B
F
Okay,
now
I'll
begin,
hi
everyone,
I'm
bankry
from
dotec-
and
today
I'll
talk
about
two
sec
image
scanner
for
harbor.
It
will
take
about
10
minutes
well
by
the
way
this
this
word
reads:
dosak,
it's
short
for
do,
security
and,
and
our
scanner
doesn't
have
a
nice
name
yet
so
I'll
call
it
a
dusek
scanner
temporarily,
okay,
well,
first
I'll,
introduce
the
deployment
architecture
well
on
the
left
side
is
the
harbor,
and
the
registry
and
right
side
is
to
text
scanner.
F
So,
let's
see
how
a
scan
job
works.
The
first,
however,
will
send
the
job
and
the
token
to
the
adapter
api,
which
implemented
by
the
tooltech
scanner
and
then
scan
engine
will
use
this
token
fetch
layers
from
the
registry
and
and
well.
This
third
is
scan
the
image
and
store
the
result
in
database.
F
F
F
You
can
treat
this
diff
like
a
kit
diff,
you
know
and
it
will
merge
or
div
and
and
generate
a
complete
list
of
installed
packages
in
image
with
this
list.
It
query
the
database
and
link
each
package
with
vulnerabilities
and
there's
a
whole
scan
job,
and
if,
if
next
time,
someone
add
a
new
layer
to
this
image
and
the
screen,
you
only
need
to
download
the
newest
layer
and
detect
the
div.
F
F
Okay,
this
is
our
project
on
github
and
I'll.
Follow
the
install
steps
first
download
an
offline
store
package
then
run
install
shell.
It
will
be
installed,
it's
really
simple
and
then
configure
hover
and
let
me
introduce
the
configuration
well
there.
F
F
Well,
what
you
need
to
care
about
is
this
port.
The
first
port
will
expose
the
two
hosts
and
the
second
one
you
can't
change,
because
it's
hardcore
the
hard
code.
So
so
this
one
you
you
you
use
in
on
hardware
ui
and
this
this
this
is
a
log
directory
which
will
be
months
on
host,
and
this
is
inside
the
dock
container.
F
F
F
F
F
F
F
F
F
F
Okay,
you
see,
each
cv
id
is
followed
by
a
cnvd
id
and
the
description
are
chinese,
so
this
scanner
is
mainly
for
any
dealer,
I
think,
and
and
at
the
board
these
cve
they
haven't.
They
have
no
cnvid
because
they
are
they
haven't
recorded
into
the
cmvid
database.
F
F
F
G
G
B
Okay,
the
other
thing
we
have
to
mention
that
is
that
the
next
weekend
there
is
the
chinese
spring
festival
happy
to
happy
new
year
to
all,
and
during
this
time
on,
the
harbour
community
meeting
will
be
cancelled
in
the
next
two
weeks
and
the.