From YouTube: StackRox Community Meeting #17 - 2023-08-22
Description
The StackRox community meetings are held on the second Tuesday of every month. We use this time to get together and discuss gaps in the product and how best to move forward. Contributors are rewarded with StackRox gear as the RoxStar of the month.
- If you want to learn more about the project, head to StackRox.io
- The project's code repository can be found at https://github.com/stackrox/stackrox
A: Hello everyone, and welcome to the August 2023 edition of the StackRox community meeting. I'm the StackRox co-chair, Michael Foster. I'm joined by my other co-chair, Matthias Meidinger. Sorry for the two-week delay; we had a little summer vacation, but we're back. We have a couple of quick topics, including the 4.2 release that's coming up and a patch release, 4.1.3, that came out yesterday, I believe, Matthias.

B: Yesterday or today, depending on the time zone.

A: Okay, depending on the time zone. It's very recent, so we'll update you on that. And then, I mentioned this in the last meeting, but the ACS roadmap has been updated. So get your notes in, take a look at what we're working on over the next year, and let us know what you think. If something's missing on the roadmap, we would love to hear from you. But yeah, that was the first agenda point: the ACS roadmap is there in the notes. I'll post it again in the channel for those who missed it.

A: A lot of updates come in the next year, and typically we update the roadmap every six months, so stay tuned for the December/January update. Again, if there's something that's missed, please let us know in the issues or in the Slack channel, because I will try to get that in the roadmap and get the PMs taking a look at it. The next item on the agenda is the 4.1.3 patch release. Matthias, I was hoping you could give us a little color on that one. Take it away.

B: Yeah, sure. So first of all, I'm also, and actually I think a lot of people in engineering are also, looking forward to what's coming on the roadmap, because there are actually really exciting topics to tackle. So at least I am very, very happy and looking forward to what's coming up soon, hopefully. That said, with the 4.1.3 patch release we actually had to do some backports and smaller error corrections. So if you are running on the latest version, you should be good to go.

B: As always, we recommend updating even to the latest patch version, but on the other hand, as far as I'm aware, there are no critical CVEs or security flaws that we closed with the patch release, so do as you like and, as always, please be sensible and try to stay on top of things. That said, we are also entering code freeze tomorrow for 4.2.

B: That's why I was a little bit open with the patch release, because we are expecting to release 4.2 in early to mid September, so not too much longer until the next version. This one will also have some nice highlights. So, for example, if you are using OpenShift or the OpenShift Container Platform, you will be delighted to see that we are integrating with the native OpenShift monitoring, so it is now enabled, or will be enabled, by default for new installations.

B: There is also a single switch that you can actually set to toggle that completely off. As always, take a look in our release notes, patch notes and changelog to actually have some more details on that. And continuing with the highlights, there are improvements to image repository handling, so image enrichment and reaching out to image repositories, which has been an area where we received a lot of feedback in the past.

B: So look forward to that; improvements are coming, especially in terms of handling of mirror images, mirroring of repositories. That's going to improve a lot. And finally, there is eBPF, or CO-RE BPF, which is one of the most interesting topics in recent times. We can also say that with 4.2, the CO-RE BPF collection method that we use to actually collect information about containers will be GA and, as far as I'm aware, will even be the new standard collection method, which is super nice.

A: I think it's going to be that moving forward, and kernel module has been deprecated and, I believe, removed as of now, so it is not an option. If my understanding is correct, I believe with the patch release it was removed completely. So we're using eBPF and then, in the future, CO-RE BPF, which will definitely help on engineering time. For context, CO-RE BPF is a single standard of eBPF monitoring across all the Linux distributions, right, which makes upgrading and maintaining a lot easier across Linux.

B: Correct, yeah. So where in the past we had to basically build monitoring for each kernel that we supported by hand, or custom compiling with automation, obviously, but we still had to set all that up, nowadays we can basically support any distro that supports CO-RE BPF, which makes our life a lot easier. It cuts down on the maintenance and also makes it just generally very quick to support new or different distros.

A: Awesome. And then the last note that we have here: as always, if you're using StackRox open source, it is best-effort support from engineers. So we love that you're in the Slack channel messaging us, opening up issues; we get to it when we can, especially when we're not on vacation, right, Matthias? For those who are paying for ACS, the paid version: as of 4.3, there will be no support for rollback of the release to 4.0 and 3.y releases. This is in standard with our typical support matrix.

B: We're roughly releasing a new minor version every three months, so that adds up to nine months of support. And the important thing to note here is, additionally, this is also a technical restriction. So if you upgrade to 4.3, there is no way of going back to 4.0 or 3.anything. There are changes in the way our database works, as far as I'm aware, so there are definitely also technical reasons, besides the enterprise support reasons that we usually have as well.

A: Good to note: 4.3 is a little ways away; just want to give you the early warning.

A: Everything's in the notes, and it's linked in the Slack channel if you want to find them. On to the questions. I know that we've been away, so I've been getting Slack notifications on vacation; I had to turn them off. I've been a little slow in responding, but we wanted to get to some of these questions here. Brandon Helms, first question: "Random question: is KubeLinter supported, or is there a better replacement?" I saw that Neil was in the chat saying that there are other configuration management tools around.

A: KubeLinter is open source, best-effort supported. I know that some fixes got put up in May, depending on the issues. There are open contributions from other companies and people that help. Any other thoughts on what the term "supported" here means, Matthias?

B: So we have a small team of people that are really dedicated, working on KubeLinter. Unfortunately, it is kind of a hard sell in its current form in terms of prioritization. So we have people that are interested to work on it, but it's sometimes harder to have it prioritized highly enough against features that are, for example, on the roadmap. So it is still supported, yes. Nowadays there are options and alternatives, which is a good thing.

B: So, as you said, there are other products, other companies, but on the other hand we also get external contributions on it, so it's definitely not dead. Currently it's more running on best-effort support, but there might be changes coming sometime in the future, because there are discussions behind the scenes whether we could restructure and reorganize some other things around.

B: That would make supporting KubeLinter a little bit easier, but that's all just talk until now. So with the current information, with the current state of things, I would say it's still supported. It's best effort, and yes, nowadays there are options available.

A: And then Dane has: "Are there any plans to report on / detect running eBPF programs, anything à la Aqua Tracee?" Now, I did a quick research on Aqua's Tracee eBPF collection and it's very similar to our eBPF collection runtime agent; I'm not even sure if I'm using the proper vernacular there. But Matthias, you want to just give me a quick rundown on our eBPF module?

B: So, as far as I understand, Aqua Tracee and our collector are quite similar. I have to say that I've never worked on our actual collector eBPF code, and also I've only given Aqua Tracee a skim read. So then, if you are interested in going a little bit deeper on that, please let us know, ideally in the Slack channel; then I can connect you with the right people, be it our collector team that actually works on the eBPF thing or one of our PMs.

A: All right, on to Only Krishnan, I hope I'm saying that properly: "Does StackRox list SBOMs (software bill of materials) for images in a cluster? Correct me if I'm wrong." Short answer right now: no, but that's in the roadmap. The big question is: if we bring in SBOMs, we have to make sure who's maintaining them, that it's verified, that it's not just somebody uploading a PDF onto their GitHub and then we're importing it; that doesn't really make sense.

A: Let's say, not to mislead you: just because there's an SBOM there doesn't mean that it's secure. It's just another piece of security information. And so we also don't want you to get overwhelmed when you go into the UI and you see SBOMs and runtime and configuration details. How to do that in a simple and effective way is something that we're debating currently, I think, internally.

A: But yes, it is on the roadmap. Again, check out the video on YouTube for more information, Krishnan, and you can message in Slack if you want anything specific; I can get the PMs to answer. I think this one I'm going to leave... oh, actually, I kind of know this topic. Oliver B asks about the reporting topic: "CVE reports is on the roadmap; would be great to get some info about the plan here."

A: You know, in 4.0, and I think 3.4 or something, we introduced collections as a grouping in ACS, and this is mostly around notifiers and reports, so being able to say, hey, all of these deployments, all these images are associated with the monitoring team or a certain team internally, and being able to expand on that reporting into CVEs and workloads is the next step. I believe an update's coming in 4.2?

A: Don't quote me on that, but the CVE workloads is in tech preview as of 4.1, so worth checking out. And then, when the reporting comes in, you're able to go and say: I want these deployments, these images, with these vulnerabilities, and I want them all to be sent in a weekly report to this group that I've defined in a collection. And so once those collections are made and set, it's pretty easy for onboarding and bringing new people in. Let's say you have a security team and somebody leaves the team, somebody new comes in.

A: They always get the same reports every week about the vulnerabilities, and then you can correlate the changes over time. The new release of OpenShift comes out and you're looking at how Red Hat's doing their work; you can go and correlate, you know, 4.11 with 4.12 with 4.13, etc., and that's going to be hopefully easier than ever. Anything I missed, Matthias?

B: I would even say you mentioned the core mechanic that's behind all this, which is collections. So with collections we introduced a new way of organizing our data and giving users the option to tailor their search experience in many different places. Most of these places we have already visited or are visiting right now.

B: So basically, we now have a big, nice engine that has all these super nice capabilities, and we're updating the UI, and not only the UI, but also we're basically partnering the UI update with new user experiences and a revamping of the whole UI to actually expose all of these new possibilities in all the areas that we can. So there is a lot more to come.

A: And last question, Oliver B again: "Hi there. Can you confirm that the annotation key for recipients in the SMTP integration is only usable for policy notifications? I also tried to use it for scheduled CVE reports, but it didn't work." That's a great question, and one that I tried to dig up for 15 minutes before; you know, there's a little bubble, but the fact that it wasn't very easy for me to figure out, I'm going to go open up an issue with some of the engineers and get a proper answer for you.

A: Maybe if we can clarify that in the description as well, that would be useful. So I'll respond to that in the chat when I have a good answer for you. Thanks again to everybody who's been posting. I know it's been, what, six weeks since our last community meeting, so it's been a little long, but you know we try to get to the questions when we can. Matthias, any final words before you wrap us up? Releases, summer vacations, anything you want to touch on before we go?

B: I don't think that I have anything to touch on, but as always, folks, we are available to chat with you either through GitHub issues or the Slack channel. If there's anything we can help you with, just let us know. And with that said, we are returning to our regular schedule. So after we move this meeting a little bit further to the back, that also means we will be seeing each other in roughly two or three weeks' time.

A: All right, so I'm going to cut everything out. Yeah, I always just like to have a little bit of pause before we start, because then, when I upload the video, I can see exactly when we started ending. So it's like two quick cuts. I need one of those action things. I didn't say anything technically wrong, right? No?

B: I don't think so. I think the only thing is with the rollback to the release. I wanted to announce it because it is actually a technical reason and not a support-contract-y reason, but both of these things are actually important information and worth repeating from time to time. Yeah.

B: Okay, and I mean, it's rolled back from 4.3 to 4.0, so if you are running 4.0 right now and then 4.3 comes out, nine months or even longer after 4.0, yeah, and then directly update to 4.3. That would be not the best, but I don't think we even support that out of the box, skipping multiple versions.

A: Yeah, and that's the thing is: if you're at 4.0 and 4.3 gets released, like, you're out of the support policy, so most Red Hatters would have updated by then anyways. Most people are paying for the product, I'm assuming. That's why whatever changes we made, we waited till 4.3 to do it; it is because of that support policy.

B: I mean, not necessarily. What we usually do is we announce these things one to two releases beforehand, basically in line with our support policy of, hey, we're not doing quick changes, we're doing what Red Hat is calling "day one operations", so we're trying to be a little bit more stable. So that means any breaking change needs to be announced, ideally, two releases before it happens.

A: Gotcha, makes sense.

A: Yeah, and in just the general ACS, like, with Chris Porter and Eric Band in there, because if they don't know, if the PMs don't know, it's like, what is this? Okay.

B: Let me do a very dumb thing: let's do RTFM, let's see if we actually have documented that in our online docs. So what's it called? What is it, annotation key? So if I search for annotation in...

A: The help text, I kind of get it. It's... I think I don't need to find the key. Oh, I get it. So if you have an annotation and it's like "recipient email is this email", StackRox will just go and grab that email, I think.

B: I understand it as: you define an annotation, for example, let's say "devops", and then you set up an email audience notifier thing that you say: that's the devops mailing list, and then you say this devops mailing list notifier will be matching with the annotation "devops". So then, when an alert comes up, it checks the annotations, sees the devops thing and then triggers the audience. Yeah.

A: So look at, just right underneath it says "configuring the email plugin", so it shows you how to configure the annotation. It's not like any annotation; it has to be specific for ACS to pick it up.

A: The annoying thing is, like, at the top it says integration name. So it's like, you know, you want an email, then it says document the email server, enable SSL, and then, when you get to the bottom, it's like, okay, well, do you have an annotation key? Well, does that email override the email above? Like, if I put a different email above and then it picks up the annotation key, is that the email that it's using?

A: It's like, the annotation key I feel like should be at the top, to be like: do you want to use an annotation key email? If the answer is no, then it just defaults to, like, okay, input all the stuff. Let's see, annotation key is yes? Well, then you just define the annotation, define the namespace that has the annotation.

B: Yeah, but you always want a fallback email, yeah. You never want... especially with dynamics. So it's especially because the annotations are a user-controllable field, right, which also means this opens the door for a lot of abuse, technically, and data extraction. Oh geez, yeah. The more I think about it, it's a cool idea, but do we really want to give users full control over where to send potentially very detailed and very confidential emails to?

B: So imagine an attacker gets control over annotations.

A: Yeah, it's a weird one. You really have to understand Kubernetes too, to like... if you're a security team coming in, you're like, how do I configure email reports and CVEs? Like, annotations, what? I mean, I guess it's easy, because then you don't really have to do much work for the integration. It's just like, just pick up an annotation and go. But yeah.

B: I don't know, yeah, that's a weird one. And honestly, what I'm a little bit more surprised about is that this documentation passed our writers' check and review, because I don't find it very intuitive, and the rest of it I actually think is rather intuitive.

A: Yeah, like "configuring the email plugin" makes sense. Yeah, I think once you scroll down and it's like "configuring the email plugin: navigate, you know, select new integration, do all this stuff", but it's kind of funny that "to use annotation to dynamically determine an email" or step in, yeah, like that's the first one, right. So that's what I was saying: if you actually look at when you join the web page, it wants all the information first, then to dynamically...

A: Yeah, it's a lot of work. How are the forearms getting? Like, the grip strength's getting up, actually?

B: My back has never been better, so back's not hurting anymore, because climbing is a lot of core muscles, yeah. But the other thing is now I have the luxury problem of my knees actually complaining about all the sports that I'm doing, yeah. So yeah, that's...

A: Was good to see you, and yeah, enjoy dinner.

B: Yeah, all right then, see you in two weeks, the latest, I guess.