Node.js Security team Meeting 2023-10-12 #1127

Closed
mhdawson opened this issue Oct 9, 2023 · 2 comments
@mhdawson
Member

mhdawson commented Oct 9, 2023

Time

UTC Thu 12-Oct-2023 14:00 (02:00 PM):

Timezone        Date/Time
US / Pacific    Thu 12-Oct-2023 07:00 (07:00 AM)
US / Mountain   Thu 12-Oct-2023 08:00 (08:00 AM)
US / Central    Thu 12-Oct-2023 09:00 (09:00 AM)
US / Eastern    Thu 12-Oct-2023 10:00 (10:00 AM)
EU / Western    Thu 12-Oct-2023 15:00 (03:00 PM)
EU / Central    Thu 12-Oct-2023 16:00 (04:00 PM)
EU / Eastern    Thu 12-Oct-2023 17:00 (05:00 PM)
Moscow          Thu 12-Oct-2023 17:00 (05:00 PM)
Chennai         Thu 12-Oct-2023 19:30 (07:30 PM)
Hangzhou        Thu 12-Oct-2023 22:00 (10:00 PM)
Tokyo           Thu 12-Oct-2023 23:00 (11:00 PM)
Sydney          Fri 13-Oct-2023 01:00 (01:00 AM)

Or in your local time:

Links

Agenda

Extracted from security-wg-agenda labelled issues and pull requests from the nodejs org prior to the meeting.

nodejs/security-wg

  • Have a SBOM for Node.js? #1115
  • License checker process/script #1104
  • Audit build process for dependencies #1037
  • Initiative for CII-Best-Practices for Nodejs Projects #953
  • Permission Model - Roadmap #898
  • Automate security release process #860
  • Assessment against best practices (OpenSSF Scorecards ...) #859

Invited

  • Security wg team: @nodejs/security-wg

Observers/Guests

Notes

The agenda comes from issues labelled with security-wg-agenda across all of the repositories in the nodejs org. Please label any additional issues that should be on the agenda before the meeting starts.

Joining the meeting

https://zoom.us/j/92309450775

  • link for participants: <>
  • For those who just want to watch: We stream our conference call straight to YouTube so anyone can listen to it live. It should start playing at https://www.youtube.com/c/nodejs+foundation/live when we turn it on. There's usually a short cat-herding time at the start of the meeting, and then occasionally we have some quick private business to attend to before we can start recording & streaming. So be patient and it should show up.
  • youtube admin page: https://www.youtube.com/my_live_events?filter=scheduled
@mhdawson mhdawson self-assigned this Oct 9, 2023
@UlisesGascon
Member

I won't attend the meeting today, but here are the OSSF Scorecard reports:

Quick analysis: it seems like there are some decreases between -0.3 and -0.7 in many repositories that we monitor but that are archived. I will create a PR after my holidays to ignore them.

I think the most relevant to discuss in the meeting are:

Repository    Commit    Score   Score Delta      Report   StepSecurity
nodejs/node   7ed50e5   7.7     -0.3 / Details   View     Fix it

@mhdawson
Member Author

It was just me and @marco-ippolito so we cancelled for today.
