- Recording: https://www.youtube.com/watch?v=qzLZbdHSfZE
- GitHub Issue: #862
- Minutes Google Doc: https://docs.google.com/document/d/1poZvCtSlrw7aPjldNwHyJUToZu7RsBlnFDRV5VpIDtg/edit
- Security wg team: @nodejs/security-wg
- Rafael Gonzaga: @RafaelGSS
- Ulises Gascon: @UlisesGascon
- Thomas GENTILHOMME: @fraxken
- Robert Waite
- Joe Sepi: @joesepi
- Joyce Brum from GOSST @joycebrum
- Gabriela Gutierrez from GOSST @gabibguti
- Pedro Nacht from GOSST @pnacht
- Diogo Sant'Anna from GOSST @diogoteles08
- Michael Dawson @mhdawson
*Extracted from security-wg-agenda labelled issues and pull requests from the nodejs org prior to the meeting.*
- Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
- Assessment against best practices (OpenSSF Scorecards ...) #859
- Add OSSF Scorecard #851
  - Discussion with GOSST about implementing it on Node.js
  - The current Node.js report is located here; a JSON version is also available
  - Agreement to update action version tags to hashes in GHA, following this example, led by GOSST
  - Agreement to add/document the next steps in this issue in order to provide good context for the following PRs and TSC meetings, led by GOSST
- Automate security release process #860
- Discussion about policy-integrity integration on Windows #856
  - We will discuss this issue as the first topic in the next meeting
- Automate updates of all dependencies #828
- Permission Model #791
  - Got 3 approvals so far
  - Remaining work:
    - Windows issue to fix
    - Native modules support
- Recursive support on Node.js dependencies #89
- Node.js Project Calendar: https://nodejs.org/calendar
Click +GoogleCalendar at the bottom right to add to your own Google calendar.