npm and Sigstore: Provenance Comes to the World's Largest OSS Ecosystem

2023 Aug

This talk was given at Black Hat USA 2023 with Trevor Rosen.

[npmjs.com/package/semver](https://www.npmjs.com/package/semver)

[docs.npmjs.com/generating-provenance-statements](https://docs.npmjs.com/generating-provenance-statements)

[search.sigstore.dev](https://search.sigstore.dev/?logIndex=28016440)

[github.com/sigstore/fulcio/blob/main/docs/oid-info.md](https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md)

[https://repos.openssf.org/build-provenance-for-all-package-registries](https://repos.openssf.org/build-provenance-for-all-package-registries)

[slsa.dev/community](https://slsa.dev/community)

[github.com/sigstore/community](https://github.com/sigstore/community)

[github.com/in-toto/community](https://github.com/in-toto/community)