doc: add meeting minutes 19-01 (#863)

RafaelGSS · UlisesGascon · web-flow · commit b9e0ff5f4f84 · 2023-01-20T11:25:43.000-03:00
Co-authored-by: Ulises Gascon &lt;UlisesGascon@users.noreply.github.com&gt;

Co-authored-by: Ulises Gascon &lt;UlisesGascon@users.noreply.github.com&gt;
diff --git a/meetings/2023-01-19.md b/meetings/2023-01-19.md
@@ -0,0 +1,63 @@
+# Node.js  Security WorkGroup Meeting 2023-01-19
+
+## Links
+
+* **Recording**:  https://www.youtube.com/watch?v=qzLZbdHSfZE
+* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/862
+* **Minutes Google Doc**: https://docs.google.com/document/d/1poZvCtSlrw7aPjldNwHyJUToZu7RsBlnFDRV5VpIDtg/edit
+
+## Present
+
+* Security wg team: @nodejs/security-wg
+* Rafael Gonzaga: @RafaelGSS
+* Ulises Gascon: @UlisesGascon
+* Thomas GENTILHOMME: @fraxken
+* Robert Waite
+* Joe Sepi: @joesepi
+* Joyce Brum from GOSST @joycebrum
+* Gabriela Gutierrez from GOSST @gabibguti
+* Pedro Nacht from GOSST @pnacht
+* Diogo Sant'Anna from GOSST @diogoteles08
+* Michael Dawson @mhdawson
+
+## Agenda
+
+## Announcements
+
+*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.
+
+- [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
+
+### nodejs/security-wg
+
+* Assessment against best practices (OpenSSF Scorecards ...) [#859](https://github.com/nodejs/security-wg/issues/859)
+* Add OSSF Scorecard [#851](https://github.com/nodejs/security-wg/issues/851)
+  * Discussion with GOSST about implementing it on Node.js
+  * The Nodejs currently report is located [here](https://deps.dev/project/github/nodejs%2Fnode), also [json version available](https://api.securityscorecards.dev/projects/github.com/nodejs/node)
+  * Agreement to update action version tag by hash in GHA, following [this example](https://app.stepsecurity.io/secureworkflow/nodejs/node/coverage-linux.yml/main?enable=pin), lead by GOSST
+  * Agreement to add/document the next steps in [this issue](https://github.com/nodejs/security-wg/issues/859) in order to provide a good context for the following PRs and TSC Meetings, lead by GOSST
+
+* Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860)
+
+* Discussion about policy-integrity integration on Windows [#856](https://github.com/nodejs/security-wg/issues/856)
+  * We will discuss this issue as first topic in the next meeting
+
+* Automate updates of all dependencies [#828](https://github.com/nodejs/security-wg/issues/828)
+
+* Permission Model [#791](https://github.com/nodejs/security-wg/issues/791)
+  * Got 3 approvals so far
+  * Remaining work:
+    * Windows issue to fix
+    * Native modules support
+
+### nodejs/nodejs-dependency-vuln-assessments
+
+* Recursive support on Node.js dependencies [#89](https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/89)
+
+## Q&A, Other
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
