From e06ed22dd1801a5054757bdaf2ab79afa169a5bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= Date: Wed, 30 Oct 2024 19:53:45 +0100 Subject: [PATCH] docs: meeting notes for 2024-10-24 (#1397) --- meetings/2024-10-24.md | 50 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 meetings/2024-10-24.md diff --git a/meetings/2024-10-24.md b/meetings/2024-10-24.md new file mode 100644 index 00000000..632f98a4 --- /dev/null +++ b/meetings/2024-10-24.md 
@@ -0,0 +1,50 @@ +# Node.js Security team Meeting 2024-10-24 + +## Links + +* **Recording**: +* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1396 +* **Minutes Google Doc**: https://docs.google.com/document/d/1IzdqODrouMHFXZiEpTkW74QBNyA123d1vFgEafnv4aw/edit?tab=t.0 + +## Present + +* Michael Dawson (@mhdawson) +* Marco Ippolito (@marco-ippolito) +* Ulises Gascón (@UlisesGascon) + + +## Agenda + +## Announcements + +* Ulises - is-my-node-vulnerable, work to move over to Node.js org - https://github.com/RafaelGSS/is-my-node-vulnerable + +*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting. + +- [x] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues + * No new issues +- [x] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+ + * It will happen after the meeting + +* Audit build process for dependencies [1037](https://github.com/nodejs/security-wg/issues/1037) + * Michael made a great progress (using already containers) + * Expected to start open PRs soon +* Abort when vulnerable flag [852](https://github.com/nodejs/security-wg/issues/852) + * Probably this will be moved to a separate repo (TBC) +* Automate security release process [860](https://github.com/nodejs/security-wg/issues/860) + * no updates this week +* Skipped working on the threat model this week as we only had 2 people + +## Q&A, Other + +* security guidelines being developed in OpenJS collaboration space https://github.com/openjs-foundation/security-collab-space/issues/211 + * Would be good to apply to the Node.js project and see how it works/does not and provide + Feedback. + + +## Upcoming Meetings + +* **Node.js Project Calendar**: + +Click `+GoogleCalendar` at the bottom right to add to your own Google calendar. +
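Review bot: the `**Recording**:` entry under `## Links` and the `**Node.js Project Calendar**:` entry under `## Upcoming Meetings` are both added with no URL. The closing instruction to click `+GoogleCalendar` therefore refers to a page the reader cannot reach from these notes. Please fill in both links, or drop the two entries if the targets are not available yet. Two smaller points in the same hunk: `## Agenda` is left empty while the agenda items sit under `## Announcements`, so moving the "Extracted from" line and the lists below it under `## Agenda` would match the headings. That "*Extracted from" line also opens an emphasis marker with a leading `*` that is never closed, so it will not render as intended.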