From YouTube: StackRox Community Meeting #9 - 2022-12-13
Description
The StackRox community meetings are held on the second Tuesday of every month. We use this time to get together and discuss gaps in the product and how best to move forward. Contributors are rewarded with StackRox gear as the RoxStar of the month.
- If you want to learn more about the project, head to StackRox.io
- The project's code repository can be found at https://github.com/stackrox/stackrox
A
Hello and welcome to the last community meeting of the year for 2022, for the StackRox community meeting. I'm Michael Foster, a community co-chair, I forget what the term is that we're using, Matthias, and I'm joined by my fellow co-chair. Hi.
A
And so today we got a quick little breakdown for you. 3.73 is that, so we want to talk about those release notes. We're going to publish a public roadmap coming out soon. So all the PMs came together and discussed their priorities for 2023, so look forward to checking that out. And then we want to just open the floor to questions. It doesn't have to be here.
A
It could be on YouTube, could be in the Slack channel as well. And the last bit, RoxStar of the month: if you're watching this and you're part of the Slack channel and you watch the video come out, email M Foster, redhat.com, within three days of this posting and I'll send you some StackRox gear. Sound good? Awesome. All right, Matthias, I think we should kick it off with 3.73. I see in the major changes of note, we have the field trial announcement first. I feel like I'll take that one. Sure, please go ahead.
A
So for those who are paid to Advanced Cluster Security, they have, we have a cloud service Early Access program available for customers, for Red Hat customers. This will make installation, operation, configuration a lot easier, as it's a simple login, start Central, and then you have to bring your set secured cluster nodes online. And so, as clusters come up, as you move clusters away, it's a lot easier to manage. You don't have to worry about having an operator checking into the latest. There'll be faster releases, more feature updates in the coming year.
A
So we have a bunch of customers that are already getting onboarded. I'm part of that onboarding service and look forward to telling you when that's going to GA sometime next year. Any questions, just feel free to ping in the Slack. I'll probably post some resources after this goes live as well for people who are interested. Speaking of which, I think now we get into the feature-heavy stuff. Let's see if you want to take it away. Yeah.
B
Sure, so what I can, what I want to share with you actually today is: we have two exciting technology previews that are also introduced with 73. So not only are we basically launching more or less a cloud service, but also doing some rather deep changes to our infrastructure, which is, one of them is a technology preview, which means it is there for you to evaluate, which means please do, do share your feedback with us, but please keep in mind it's a technology preview, so things can change and also things might break.
B
We take the greatest care that this doesn't happen, but also, of course, we rely a little bit on testing. That's why we release it as a technology preview. So what do we have? One of them is PostgreSQL, so we actually moved to PostgreSQL, which means you can expect, hopefully expect, a little bit better performance under, for bigger deployments.
B
It also means backups and restoring of backups gets a little bit easier because it's a little bit more standardized. And finally, though this is not an officially supported way from, or path from us as far as I'm aware of yet, you can also bring your own, so you're not necessarily depending on us providing you a database anymore. You could also roll your own, though I'm not entirely aware of how the support path for that looks currently, but I guess that will also be determined when the, when this, when the feature leaves technology preview.
B
Yes, so basically, yeah, so this is a, all of the features that we are introducing right now are in upstream and downstream. So these are feature, these are equally in features for open source and closed source, or open source and the commercial product. Awesome. Which also brings us to the next point, a feature that I actually co-developed, which is build-time, the build-time Kubernetes network policy generator, which is also technology preview.
B
We have talked about this a little bit under a different name some time ago, because we already released that one. We released something similar as a developer preview, which is, you can take your deployment YAML or your deployment information and actually run it through roxctl to let it generate network policies for you. And the interesting thing about these is they, so these are, you should, you could or should treat these as recommendations, in my point of view. So the idea is, you have a big deployment.
B
You don't know where to start, and this provides you a great starting point, because it gives you a recommendation based on what your actual deployment looks like. So it is not a set of best practices, but it really is a static analysis of your deployments. So take it, run it against them, see what network policies you get, and you can always check them in or even review them. So again, also there, as it is a technology preview, feel free to actually let us know how you like it.
A
Yeah, luckily, I mean, I've tested it out. It's worked very well for me. We've always had the ability to generate network policies in a network graph, but I think doing it at the command line, doing it, you know, when you're just generating a GitHub or you have the manifests already there and you want to add network policies to and do it asynchronously, so you don't have to go like an ops team to do it, you can just do it yourself, I think.
A
That's awesome, and I believe the plan is to possibly, in the future, be able to configure certain ports and protocol policy in ACS. So when you generate it, you're not going to be tripping over other network policies that have been generated from other deployments. So, like, that's future looking, and hopefully in 2023, that's on the roadmap, so stay tuned for that one.
A
It says here additional feature enhancements and bug fixes, as well as improved vulnerability management dashboard for ACS CS users. From the vulnerability management dashboards, if you dive into the release notes, which we'll post in the Slack channel as well, I know we already did it, but we'll do it again when we post the video, you can see that there's groupings for node vulnerabilities. What is it, I forget the three: it's node CVEs, image CVEs and platform CVE, so you're separating the vulnerabilities in different categories.
A
A
You can triage and you'll know exactly who you want to reach out to. If it's an image vulnerability, that's most likely on you, right, on your application and what you're running. And if it's a node one, and since we have RHEL 9 scanning and things like that that have been released, you'll be able to see what's associated with the node as well. But do you still miss anything there?
B
Not for that. There are definitely some other changes I would definitely want to talk about, which are the, keep in mind, so our product uses GraphQL to actually provide a lot of information to the front end. Please keep in mind that GraphQL is not the officially supported API yet, which means please use the REST API as much as possible, because we just introduced in this release some breaking changes to the way our GraphQL API is built.
B
So that said, if you are, if you are querying the GraphQL and relying on functionality of that, consider moving to the REST API, and also be mindful when upgrading to 73, because that might break you, break your automation. But in actual, maybe other interesting, but better news is that we also continuously optimize the security context, security context constraints that our different parts of the platform actually use, which means, for example, a scanner.
B
Basically, it doesn't use anyuid anymore, but uses a more restricted one, and in that, in that wake we also changed the service account for Central a little bit to keep up with the changes that we do to the product. So these are notable changes. They are unlikely to break anything on your side, but I just, I wanted to be heard that we keep continuously optimizing and changing the way our, the, our platform is actually secured itself and what rights it has or permissions it has.
A
Yeah, very important, especially as Kubernetes keeps changing as well, and different things like the Security Profile Operator, I think, got released too by Red Hat, which is an open source project, so different projects all coming in. Very cool. And that's all in the release notes, right, Matthias? Yes.
B
There is a lot of reasoning behind that. It's, it's, it's been a very interesting conversation that we had in engineering about this, but the end result is: we will be removing in-product documentation. So if you are running ACS, or StackRox for that matter, completely offline, be mindful that the in-products will vanish with the next release.
A
B
Yeah, so we are, so, the problem is actually to, our documentation is, is currently, or needs to be held in two different formats, one for the official documentation on the web page and one for the complete container that is actually providing the docs in the product. And the problem for us is simply the container, the overhead to actually managing that container and also keeping that container safe, because it is a possible entryway into the product, is a lot to do, and we think it is a better, a better reasoning, or it is a better way of securing our product to actually cut out the pieces that, as far as we are aware of, most customers maybe don't use that much.
B
A
Yeah, might as well cut down on anything that's redundant and opens up another attack vector, so awesome. That's, look, in 3.74, I believe, is when the documentation will change. Cool. Correct. So stay tuned, early next year in the first quarter you'll see 3.74 get released, then we'll be back. Until then, we look forward to a what's next. Hosted docs can also, oh, Oscar is posting and here: hosted docs can also be maintained on the fly, FYI. There.
B
A
Go. Like I said, questions in Slack channel. The roadmap recording, the what's next recording will all get posted before, for the holidays, so check that out, and I'll post information about the Early Access program. If anybody's interested in trying out ACS for free, ACS cloud service for free, all we ask is for feedback, so that's pretty awesome. But see, there's anything else you want to tell the RoxStars before we sign off?
B
Maybe keep in mind that most engineers at Red Hat, which also includes our project, will be off for Christmas, so basically starting from the 20, from mid, end of next week until the beginning of the new year, most of the engineers will most likely be off. So keep that in mind when you open issues, or if you're waiting on an answer from one of us, it may take a little bit longer.
A
Awesome. All right, thanks for the last community meeting of the year. We look forward to seeing you in the second Tuesday of the new year, 2023. I'm Mike Foster and I'm joined by my fellow RoxStar.