►
From YouTube: StackRox Community Meeting #6 - 2022-09-13
Description
The StackRox community meetings are held on the second Tuesday of every month. We use this time to get together and discuss gaps in the product and how best to move forward. Contributors are rewarded with StackRox gear as the RoxStar of the month.
- If you want to learn more about the project, head to StackRox.io.
- The project's code repository can be found at https://github.com/stackrox/stackrox.
A
So
welcome
everyone.
Welcome
to
this
month's
sacroix
community
meeting.
My
name
is
Matthias
I'm,
one
of
the
community
managers
at
day
and
also
developer
by
night
and
I'm,
also
joined
by
my
fellow
Community
manager,
Foster
yeah.
B
Hey
everybody
I'm
Mike
Foster
at
a
Toronto
came
over
worked
with
stack
rocks
for
two
years,
happy
to
be
here
at
I.
Think
our
sixth
community
meeting
we're
half
a
year
now
at
this
point,
so
pretty
excited
I
know
some
of
your
faces,
but
I
would
actually
love
to
hear
from
you
guys,
maybe
start
with
the
the
newbies
who
haven't
been
on
the
call
before
words
yeah
about
yourself.
C
Hi
yeah
so
first
time
for
me
joining
this
meeting
I'm
an
engineer
of
the
of
ijcs
and
I
wanted
to
providing
quick
update
on
a
specific
issue
that
seemed
to
cause
some
some
customer
interest,
namely
the
deprecation
of
pod
security
policies
and
the
upcoming
kubernetes
version,
and
just
wanted
to
erase
some
awareness
here
and
describe
how
the
update
to
kubernetes
125
will
look
like
for
for
stack,
rocks,
customers
and
users.
B
Perfect,
you
know
we
have
a
whole
time
carved
out
for
you.
So
look
forward
to
hearing
about
it.
Yeah
You,
Wanna
Give
us
a
brief,
I'm,
just
kind
of
going
in
order
on
my
screen,
and
if
you
don't
want
to
it's
fine,
if
I
don't
hear
from
you
in
two
seconds,
I'm
just
gonna
pass
it
off.
We
got
yawn
Dane.
If
you
wanna
to
chat
I,
know
that
you
are
probably
one
of
our
most
active
commentators
in
the
stack
rocks
channel.
So
I
would
love
to
hear
from
you
and.
D
E
Well,
I'm
in
Florida,
so
I
my
chances
to
wear
it.
It's
seasonal,
but
I
did
actually
wear
it
last
week
because
it
was
so
cold
at
the
air
conditioning
McLeod
security
engineer
with
a
company
called
Tempest
Labs.
That's
headquartered
out
of
Chicago
been
there
for
two
years
and
we
use
stack
racks
and
yeah
I'm
looking
to
expand
the
use
of
it
actually
I'm
trying
to
figure
out
how
to
how
to
make
it
work
across
different
Cloud
platforms
without
standing
up
all
the
different
instances
and
everywhere.
B
B
Yeah
and
let
us
know
if
you
run
into
any
issues
in
the
chat
as
that's
honestly,
a
pretty
cool
use
case
that
we
could
use
I
think
we
have
one
last
person
here,
Matthias
your
friend,
sorry
I
didn't
get
your
name
yeah.
D
Hey
look
at
this.
D
Working
for
for
a
public
insurance
company
in
Germany
we're
using
ACS
at
least
we'll
be
evaluating
it
and
yeah.
We
ran
into
some
difficulties.
We
we
like
it
so
far,
but
I
just
wanted
to
join
in
and
saves
them
as
something
interesting.
We
can
learn.
B
Google
I
think
that's
thanks
for
joining
and
get
to
everybody
Matthias.
If
again,
the
community
meeting
notes
are
in
the
chat.
If
you
want
to
follow
along,
we
have
a
whole
agenda
in
case.
You
want
to
kick
it
off
with
the
first
item.
A
Yeah,
so
actually
that's
why
I
rummaged
through
my
clothes
dryer
and
tried
to
find
the
Oktoberfest
t-shirt
from
the
last
years.
So
we
are
I'm
I'm,
happy
to
announce
that
we're
officially
taking
part
in
Oktoberfest,
which
is
a
yearly
competition
of
GitHub
or
also
GitHub,
together
with
some
other
sponsors
and
usually
what
you
do
is,
basically,
you
can
hand
in
five
pull
requests
at
different
at
any
and
any
repository
or
project,
that's
taking
part,
and
if
you
do
so
in
October,
you
get
some
nice,
Merchants,
YX
and
and
stuff
from
them.
A
So
what
we
decided
to
do
is
actually
we
are
currently
rummaging
through
our
develop
our
we're
trying
to
pick
the
brains
of
fellow
engineers
in
ACS
and
trying
to
come
up
with
more
issues
that
we
can
actually
post
to
the
GitHub
issues
page.
So,
if
you
take
a
look,
we're
tagging
we're
currently
tagging
every
single
issue
that
might
be
interesting
for
hacktoberfest
with
this
tag.
So
if
you
just
search
our
issues
by
this
tag,
you
will
find
at
least
all
of
these
issues
are
definitely
up
for
grabs
and
easy
ones.
A
There's
also
other
open
issues.
So
if
you
find
anything
else,
please
feel
free
to
jump
on
everything
that
is
not
assigned
to.
Anyone
is
up
for
grabs
and
we're
more
than
happy
to
provide
a
little
bit
of
help
and
obviously
feedback
and
hopefully
merging
all
of
that
so
and
I
guess.
If,
for
anyone
looking
into
the
meeting
notes,
Foster
I
think
we
have
a
little
a
little
surprise
to
to
make
it
a
little
bit
nicer
for
everyone
part
taking
part
right.
B
Yeah
I
have
to
go,
take
a
little
stock
of
how
much
inventory
how
much
stock
right
stack
racks
gear
we
have
left.
But
the
hope
is
to
to
send
people
who
are
contributing
and
helping
out
with
Oktoberfest
some
gear
as
well.
So
look
forward
to
that
and
probably
have
more
information
at
the
next
meeting
slashing
in
the
chat.
A
Yeah
and
speaking
of
which
so
actually
Jan
grabbed
one
of
the
issues
that
we
originally
planned
or
Jan
beat
us
to
actually
making
public
one
of
the
issues,
which
is
also
we
have
now
a
nice
way
of
basically
having
a
single
click
or
one
click,
installation
and
deployment
of
Stack
rocks.
So
you
can
now
use
a
home-based
install
to
deploy
the
whole
thing
with
just
one
click
or
one
command,
and
that's
just
awesome.
B
Yeah
and
it
works
like
a
charm
too,
by
the
way
I
tested
out
in
openshift
in
Google
and
Amazon
worked
all
three
times.
So
that's
that's
your
your
used,
one
in
case
you're
wondering
next
up.
We
have
incoming
changes
to
the
open
source,
triage
process,
light
yeah.
A
So
originally
what
was
happening
is
when
we,
when
we
first
open
sourced,
stack
rocks.
It
was
I
volunteered,
together
with
us,
with
Foster
and
some
fellow
Engineers,
to
take
a
look
at
the
board
and
trying
to
triage
issues.
But
the
problem
is
that
there's
always
more
and
more
or
maybe
not
more
important
stuff,
but
there's
always
stuff
that
you
need
to
take
care
of,
and
sometimes
you
just
forget
or
there's
too
much
to
do
so.
We
decided
to
actually
do
a
real
engineering.
On-Call
rotation
so
so
be
prepared.
A
The
hopefully
or
ideally
the
time
to
respond
to
issues
or
pull
requests
will
lesser
will
shorten
a
bit
again
because
it's
gotten
quite
long
in
the
recent
times,
especially
because
of
holidays.
So
that
shouldn't
be
an
issue
anymore
and
also
expect
more
or
different
people
to
answer
any
issues
that
you
open
up.
So
you
will
not
only
see
Foster
or
me
primarily
work
there,
but
also
other
people.
B
Yeah
awesome
yeah.
Now
we
have
our
PSP
expert
on
the
line
to
shed
some
light.
I'm
gonna.
Take
it
away.
C
Yeah
sure
so
I
I
want
to
make
it
quick,
but
if
you
have
any
questions
any
input,
please
go
ahead
so
PSPs.
C
For
me,
it's
actually
the
first
time
that
since
I'm,
working
with
kubernetes
that
an
API
is
not
only
deprecated
but
completely
removed,
so
it
also
was
an
interesting
question
for
me.
How
exactly
that
works?
I
mean
when
kubernetes
won
25
is
released.
What
is
what
do
users
of
this
of
this
API
experience,
and
so,
according
to
also
the
the
kubernetes
slack
and
all
the
information
that
we've
got,
it
seems
like
the
resources
that
might
exist
for
this
API,
namely
pod
security
policies.
C
They
are
simply
forgotten
when,
when
you
update
to
125
but
there's
one
important
thing
that
users
need
to
be
aware
of
which
is
they
if
they
were
relying
on
PSPs
before
they
probably
have
the
admission
controller
plugin
for
PSPs
enabled,
and
they
need
to
disable.
This
explicitly
I
believe
that
if
they
don't
do
this,
then
kubernetes
simply
will
not
start
up.
C
So
this
is
some
manual
step.
They
need
to
do
in
order
to
have
a
have
a
smooth
upgrade
experience
to
125.
now
in
terms
of
Stack
rocks.
We
have
several
installation
methods
so,
but
essentially
they
all
boil
down
to
to
to
help
charts
that
we
have,
and
we
have
implemented
an
auto
sending
feature
in
the
helm
charts,
which
means
that
these
resources,
they
will
not
be
created
anymore
if
the
PSP
API
is
not
available.
C
So
you
can
also
control
this
explicitly
if
you
use
the
Hem
chart
for
manually
installation-
and
you
can
also
control
this
if
you
like,
but
the
auto
sensing
is
probably
what
most
users
will
will
experience
and
yeah,
so
they
don't
need
to
do
anything
special
yeah.
Also,
the
operator
based
installation
method
uses
the
hand
charge
under
the
hood.
So
same
thing
applies
here.
C
C
I
can
also
say
a
few
words
about
about
that.
If,
if
the
interest
is
here,
but
for
obvious
reasons,
we
cannot
have
Auto
sending
there
because
the
the
resources
are
generated
ahead
of
time.
So
it's
not
like
there's
a
rendering
going
on
while
having
access
to
a
kubernetes
cluster.
C
C
So
Rox
cattle
can
output
the
the
Androids
and
the
deployment
bundles
and
when
you
output
the
deployment
bundle,
you
have
flag
for
toggling.
This
I
believe
yeah
for
for
backwards
compatibility
reasons.
We've
decided
to
default,
at
least
for
now
default
this
to
PSPs
being
enabled,
because
so
the
stack
box
version
that
will
be
out
when
125
is
released
when
kubernetes
125
is
released,
is
stack,
rocks,
371,
I,
believe-
and
this
is
already
ready
for
this
PSP
removal,
but
again
contains
all
these
toggles
and
rocks
cattle.
C
B
Makes
sense
too,
because
125
probably
won't
really
be
in
support
on
any
of
the
clouds
for
probably
another?
What
four
to
six
months,
minimum
right
I
think
it's
normally
eight
months
trailing.
So
there
is
some
time
where
a
little
bit
ahead
of
it
unless
you're
doing
a
an
open
source,
kubernetes
install
and
managing
it
yourself
with
with
one
two
five.
You
should
run
to
that
issue
for
probably
another
six
months,
but
I
don't
have
any
questions
Matthias
any
questions
for
no
I.
Think
yeah.
B
That's
awesome
thanks
for
thanks
for
coming
on
sure
and
speaking
of
of
release,
you
mentioned
3.71
I.
Think
the
next
thing
that
we
had
Matthias
was
the
release
process
for
3.72.
A
Right
so
that
got
kicked
off.
What
is
it
so?
Basically
we're
we're
right
now
in
the
release,
preparations
472,
and
if
you
have
a
look
at
the
change
lock,
there
is
actually
quite
a
bit
of
stuff
incoming
that
might
be
interesting
for
for
users,
which
is
we
actually
removed.
Some
API
endpoints
revolving
around
policy
categories
and
also
I
think
the
biggest
change
is
that
we
deprecated
label
and
annotation
search
options
in
the
web
UI.
So
they
will
not
go
away
until
73,
but
we
are
basically
they've
been
renamed.
A
So
please
have
a
look
at
the
ideally
have
a
look
at
the
changelog,
because
there
we
actually
list
the
changes
and
list
The
Replacements
that
you
can
use
instead
of
the
deprecated
labels,
labels
and
annotations
that
were
yeah,
basically
there
for
duplicating
right
now,
I
guess.
Besides
that,
we
also
have
a
lot
of
technical
changes
and
I.
A
Think
if
I
remember
correctly,
we
also
have
a
small
change
to
out
of
the
box
policies
that
we
ship
on
new
installations,
but
I
think
the
most
important
change,
at
least
for
users,
will
be
definitely
the
remove
the
deprecation
of
labels
and
annotations.
So
they
will
work
for
for
now
in
72,
but
they
will
not.
They
will
stop
working
in
73.
So
if
you
use
them,
maybe
think
about
rebuilding
your
search,
queries.
A
B
Yeah,
the
cncf
slack
will
definitely
be
the
best
way,
though,
to
get
a
to
get
an
answer,
and
if
you
have
the
question,
I
guarantee
you.
Somebody
else
has
the
question
too.
So
it
would
be
great
to
hear
from
you
there
Matthias.
You
mentioned
that
you
were
working
with
netpole,
specifically
mpguard
and
integration.
So
maybe
you
want
to
just
chat
about
that.
Real,
quick
and
then
yeah
I'll
get
into
kubecon.
A
That's
also
something
that
we
might
so
that
we
won't
be
shipping
with
the
71.
So
with
the
current
release,
we
won't
be
shipping
this.
We
will
be
shipping
this
or
this
will
be
available
in
Upstream,
so
in
open
source
stack
rocks
this
it's
actually
not
merged
as
of
right.
Now,
if
I
remember,
if,
if
I
remember
correctly,
but
it
should
get
merged
till
the
end
of
the
week,
so
what
have
I
have
been
up
to
so
I.
A
Actually,
in
conjunction
with
another
engineer,
we
developed
something
that
is
called
Rox
cattle
generate
netball,
so,
as
you
might
might
have
guessed,
this
is
this
revolves
around
Network
policies.
So
the
idea
is,
most
users
don't
make
use
of
network
policies
because
they
are
complex,
they're,
not
super
easy
to
understand,
because
it's
more
than
just
firewall
rules,
so
we've
so
we
actually
teamed
up
with
with
mpguard,
which
is
an
open
source
foreign
tool
for
static
analysis
of
your
deployment
information.
A
A
There
is,
however,
so
the
full
feature
set
is
available
in
npgaret,
which
is
the
upstream
or
which
is
the
open
source,
full
full
product
of
another
team,
and
we
started
integrating
parts
of
it
into
rocks
cattle
generate
netball.
So
at
this
point
we
are
releasing
this
as
a
def
preview.
So,
as
the
name
implies,
we
are
actively
looking
for
feedback
for
users
to
use
it
so
I
have
in
the
community
meeting
document.
I
have
linked
the
readme
that
will
be
available
in
the
full
as
soon
as
it's
merged.
As
the
pull
request
is
merged.
A
This
will
be
available
on
Master
as
well.
That
basically
explains
how
to
use
it
and
where
to
use
it,
and
actually
it's
hidden
behind
a
feature
flag
right
now.
So
you
won't
get
this
just
anywhere,
but
generally
I
would
be
super
interested
in
getting
some
feedback
from
you
folks
in
have
you
actually
tried
to
use
it?
Have
you
does
it?
Does
it
work
on
your
on
your
deployments
or
on
your
resources
to
be
correct,
and
also
are
the
network
policies
meaningful
that
they
help?
A
Do
you
want
to
change
anything
about
this,
because
we're
in
a
state
of
this
is
basically
yeah
a
developer
preview.
So
it's
a
little
bit
more
than
than
a
proof
of
concept,
but
not
too
much
more,
so
we're
still
in
the
process
of
actively
getting
community
feedback,
and
we
can
change
a
lot
about
this.
So
please
have
a
go
at
this,
have
a
look
at
it
and
if
you
are
interested
in
the
full
feature
set
of
course
stop
by
npgar,
it
maybe
look
at
them.
They
are
actually
originally
a
python
project.
A
B
Yeah-
and
it
was
originally
sort
of
thought
about
for
developers
right,
we
wanted
to
give
the
network
policies
early
so
that,
if
developer
just
has
their
their
deployment
in
their
service,
they
can
generate
a
network
policy
with
it
and
check
it
in
and
that
way
operations
team
can
do
some
validation
a
little
bit
earlier
on.
That
was
the
goal.
I'm
also
just
curious
to
see
how
other
teams
would
implement
it,
because
there's
a
lot
of
different
structures
at
different
companies.
Some
are
small.
B
Some
are
big,
so
yeah
look
really
look
forward
to
hearing
that
and
in
fact
we
have
like
a
five
minute
chat.
Just
about
mpgard
and
network
policy
is
a
kubecon
coming
up,
so
in
October,
28
24th
to
28th
in
Detroit
is
kubecon.
There's
Cloud
native
security.
Con
there's
a
supply
chain
security.
Con
will
be
at
and
open
shift
comments
so
specifically
for
ACS
we're
going
to
be
there.
B
The
first
two
days,
Monday
and
Tuesday,
or
sort
of
the
co-located
events
that
are
security
focused
if
anybody's
planning
on
coming
or
watching
virtually
love
to
hear
from
you
or
chat
will
be
around
and
then
cubecon
itself,
I'm
hope.
I'm
just
looking
to
go
to
all
the
in-person
person
events,
because
I
haven't
been
to
an
event
since
before
covet
everything's
been
remote
for
three
years,
so
I'm
super
excited
if
anybody's
gone.
B
A
Yeah,
maybe
so
also
the
npgot
folks
are
also
there
as
well
with
I
think
they
even
have
their
own
booth
so
feel
free
to
stop
by
and
and
also
talk
with
them
as
well.
So
there
might
be
some
synergies
and
you
we
can
all
have
a
little
chat
together
or
you
can
all
have
a
little
chat
together
because
I
mean
I'm
based
out
of
Europe
and
I.
Don't
think
I
get
to
to
fly
over
to
cubecon.
B
Yeah
I
don't
know
if
going
from
Germany
to
Detroit,
it
might
be
a
little
anti-climactic
but
final
Point,
since
Jan
decided
that
he
wanted
to
be
the
first
in
the
hacktoberfest
to
pick
off
the
first
issue.
We
wanted
to
make
Yan
the
Rockstar
of
the
month,
so
I
know
he
mentioned
that
he
was
having
dinner
thanks
for
for
listening
to
our
to
our
meeting
and
listening
for
20
minutes.
B
Just
to
hear
that
you
won
something
but
I
really
appreciate
the
work
and
it
works
flawlessly,
at
least
for
me,
so
yeah
I'll
reach
out
to
you
I
got
to
send
you
some
swag
I,
think
you'll
probably
make
more
use
of
the
sweatshirt
than
than
Dane
has
being
in
Florida,
but
yeah
again,
I
really
appreciate
all
your
help
and
that's
the
the
last
thing.
I
had
the
last
thing
that
we
had
in
the
gsaic
for
the
the
meeting.
Are
there
any
questions?
I
just
want
to
open
the
floor
issues.
B
Right
as
always,
if
you
don't
want
to
speak
about
it
now,
you
can
go
into
the
chat.
It's
nice.
We
have
guys
like
Andy,
climenko
and
Neil
who
joined
as
well,
who
are
at
you
know,
other
companies
that
still
are
very
active
in
the
the
stack
rocks
chat.
So
you
get
get
all
that
wealth
of
Knowledge
from
years
with
Stack
Rock,
so
Matthias
any
final
words
before
we
we
head
out
I.
A
Guess
find
us
on
the
cncf
slack
feel
free
to
Ping
us.
If
you
have
any
questions
or
feedback
and
also
finally
join
us
for
hectober,
it
would
be
cool,
and
it's
also-
maybe
maybe
there
is
some
swag
in
there
as
well,
some
additional
ones,
but
also
it's
the
best
way
of
of
just
onboarding
and
starting
to
contribute
to
stack,
rocks
and
therefore
ACS.
Basically,.