doc: add 2024-01-04 notes (#1183)

RafaelGSS · UlisesGascon · web-flow · commit fd5583ea2053 · 2024-01-04T13:32:44.000-03:00
* doc: add 2024-01-04 notes

* Update meetings/2024-01-04.md

Co-authored-by: Ulises Gascón &lt;ulisesgascongonzalez@gmail.com&gt;

* Update meetings/2024-01-04.md

Co-authored-by: Ulises Gascón &lt;ulisesgascongonzalez@gmail.com&gt;

---------

Co-authored-by: Ulises Gascón &lt;ulisesgascongonzalez@gmail.com&gt;
diff --git a/meetings/2024-01-04.md b/meetings/2024-01-04.md
@@ -0,0 +1,61 @@
+# Node.js  Security team Meeting 2024-01-04
+
+## Links
+
+* **Recording**: https://www.youtube.com/watch?v=0g6fJw11KrI
+* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1175
+* **Minutes Google Doc**: https://docs.google.com/document/d/1qNM01Xw0S_U4JTtJcoF1m5PQQUl9PkyVRGjxcetz8eY/edit
+
+## Present
+
+* Security wg team: @nodejs/security-wg
+* Rafael Gonzaga (@RafaelGSS)
+* Ulises Gascon (@ulisesGascon)
+* Marco Ippolito (@marco-ippolito)
+* Michael Dawson (@mhdawson)
+* Carlos Espa (@Ceres6)
+
+## Agenda
+
+## Announcements
+
+*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.
+
+- [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
+- [X] OpenSSF Scorecard Monitor Review
+  - [Issue details](https://github.com/nodejs/security-wg/issues/1179)
+  - [Pr Details](https://github.com/nodejs/security-wg/pull/1180)
+  - Undici increased 0.1 due Code Review. [see](https://kooltheba.github.io/openssf-scorecard-api-visualizer/#/projects/github.com/nodejs/undici/compare/c5c6648a7d2097f9be4d1f7d06df9f158eff049d/990b96ebb138ecf9fb93fea0f2a832ae322c939f)
+  - Node.js decreased 0.3 due Code Review. [see](https://kooltheba.github.io/openssf-scorecard-api-visualizer/#/projects/github.com/nodejs/node/compare/f9675e104e25ae7da5215f338f5e2609c85025a2/515b007faedf529861b22823f8a722eebed837fa) 
+
+### nodejs/security-wg
+
+* Security initiative in December 2023: fuzzing Nodejs: https://github.com/google/oss-fuzz/tree/master/projects/nodejs
+  * Skipped - OSTIF didn’t join
+
+[#1159](https://github.com/nodejs/security-wg/issues/1159)
+* NodeJS Code integrity on Windows
+  * Skipped - Microsoft folks didn’t join
+
+[#1149](https://github.com/nodejs/security-wg/issues/1149)
+* Have a SBOM for Node.js? [#1115](https://github.com/nodejs/security-wg/issues/1115)
+  * Skipped - no progress since the last meeting
+
+* Audit build process for dependencies [#1037](https://github.com/nodejs/security-wg/issues/1037)
+  * Stopped until SBOMs resolution
+
+* Permission Model - Roadmap [#898](https://github.com/nodejs/security-wg/issues/898)
+  * Several fixes coming with the 21.6.0 release
+  * two new features - support for relative paths and –allow-addons flag
+
+* Initiative for CII-Best-Practices for Nodejs Projects [#953](https://github.com/nodejs/security-wg/issues/953)
+  * Recap
+  * Deep dive
+
+## Q&A, Other
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
