This talk was given at BlackHat USA 2023 with Trevor Rosen.
docs.npmjs.com/generating-provenance-statements
github.com/sigstore/fulcio/blob/main/docs/oid-info.md
https://repos.openssf.org/build-provenance-for-all-package-registries