-
Notifications
You must be signed in to change notification settings - Fork 122
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
doc: add 10-10-2024 meeting notes (#1394)
- Loading branch information
Showing
1 changed file
with
65 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
# Node.js Security team Meeting 2024-10-10 | ||
|
||
## Links | ||
|
||
* **Recording**: https://www.youtube.com/watch?v=pRbiKOqoCRs | ||
* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1389 | ||
* **Minutes Google Doc**: https://docs.google.com/document/d/12oXkIdsOxSfv1Q5K4rkWTh-lkzr9LxwcZERCIvWYHOg/edit?tab=t.0 | ||
|
||
## Present | ||
|
||
* Security wg team: @nodejs/security-wg | ||
* Rafael Gonzaga: @RafaelGSS | ||
* Michael Dawson: @mhdawson | ||
* UlisesGascón: @UlisesGascon | ||
* Marco Ippolito: @marco-ippolito | ||
* Richard Lau: @richadlau | ||
|
||
## Agenda | ||
|
||
## Announcements | ||
|
||
*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting. | ||
|
||
- [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues | ||
- Nothing has changed since last week | ||
- OpenSSL update coming in next regular releases | ||
|
||
- [X] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+ | ||
- No action required from our side: https://github.com/nodejs/security-wg/pull/1393 | ||
- Requested a feature to add threshold to the issues notification: https://github.com/ossf/scorecard-monitor/issues/88 | ||
|
||
|
||
|
||
### nodejs/node | ||
|
||
* src: add WDAC integration (Windows) [#54364](https://github.com/nodejs/node/pull/54364) | ||
* Microsoft team working on updating the PR | ||
|
||
### nodejs/security-wg | ||
|
||
* Audit build process for dependencies #1037 | ||
* Michael: made progress on building common container, and using in the deps that build | ||
WASM | ||
|
||
* Automate security release process #860 | ||
* Nothing has changed since last meeting | ||
|
||
* Abort when vulnerable flag #852 | ||
* a bit complex to solve properly since it requires a remote call back to the vulnerability | ||
database. | ||
* Michael, would be good to PR into - https://github.com/nodejs/nodejs-ambassadors as | ||
message to be amplified | ||
|
||
* Node.js maintainers: Threat Model #1333 | ||
* We have created the Threats section | ||
* Good progress so far | ||
|
||
## Q&A, Other | ||
|
||
## Upcoming Meetings | ||
|
||
* **Node.js Project Calendar**: <https://nodejs.org/calendar> | ||
|
||
Click `+GoogleCalendar` at the bottom right to add to your own Google calendar. | ||
|