Linux Foundation

Bringing Provenance to Open Source - Lessons from Npm's Sigstore Integration

Linux Foundation via YouTube

Overview

Explore the challenges and solutions in bringing provenance to open source software in this 27-minute conference talk by Trevor Rosen and Zach Steindler from GitHub/npm. Delve into npm's integration with Sigstore to address the lack of verifiable links between packages and their source code. Learn about the complexities of securing build processes, the implications of developer identity verification, and the potential for applying these approaches to other package ecosystems. Gain insights into one of the most significant efforts in software supply chain security and consider fundamental perspectives on package provenance across the open source landscape.

Syllabus

Bringing Provenance to All of Open Source: Lessons from Npm’s... - Trevor Rosen & Zach Steindler

Taught by

Linux Foundation
