I've been helping the log4j incident with analyzing the situation in Dec 2021. Next to my responsibilities helping with communications, I also wanted to learn how GitLab's security scanning features can help detect log4j.
I love creating demos to showcase Observability and Security, this always leads me into learning new things. My research led me into diving into the code and analyzing everything in a dev environment.
I've then collaborated with product and engineering teams to add a feature to container scanning, listing the detected dependencies in container images, including log4j. We have defined the requirements, and were able to prioritize. The feature was released in the same week, and could be added to the security feature log4j blog post.
https://gitlab.com/gitlab-org/gitlab/-/issues/348628
I have learned so much about features, cross-team collaboration and security incident processes.
Today I was nominated for a discretionary bonus, for the values of collaboration 🤝, transparency 👁 and iteration 👣 Love my job 💜
I love creating demos to showcase Observability and Security, this always leads me into learning new things. My research led me into diving into the code and analyzing everything in a dev environment.
I've then collaborated with product and engineering teams to add a feature to container scanning, listing the detected dependencies in container images, including log4j. We have defined the requirements, and were able to prioritize. The feature was released in the same week, and could be added to the security feature log4j blog post.
https://gitlab.com/gitlab-org/gitlab/-/issues/348628
I have learned so much about features, cross-team collaboration and security incident processes.
Today I was nominated for a discretionary bonus, for the values of collaboration 🤝, transparency 👁 and iteration 👣 Love my job 💜