Advanced Security Capabilities All Package Managers Should Have

2023 Oct

This talk was given at the Google Open Source Ecosystem Security Roundtable.

github.com/ossf/wg-securing-software-repos/issues/16

github.blog/2023-03-09-raising-the-bar-for-software-security-github-2fa-begins-march-13

github.com/rust-lang/crates.io/issues/3400

github.blog/2021-04-05-behind-githubs-new-authentication-token-formats

docs.pypi.org/trusted-publishers

docs.npmjs.com/cli/v10/commands/npm-sbom

repos.openssf.org/build-provenance-for-all-package-registries

github.com/npm/attestation/tree/main/specs/publish/v0.1

github.com/trailofbits/homebrew-attestation/tree/main/specs/publish/v0.1

github.com/ossf/package-feeds
