Skip to content

feat: add info about verifying provenance attestations #1010

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 20, 2024
Merged

feat: add info about verifying provenance attestations #1010

merged 1 commit into from
Mar 20, 2024

Conversation

@bdehamer
Copy link
Contributor

@bdehamer bdehamer commented Mar 20, 2024

Updates the documentation for provenance attestations to include information about verifying attestations. Includes a note about using the latest npm version to ensure that users have the latest verification logic.

@bdehamer
add info about verifying provenance attestations
43f3f00 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
@bdehamer bdehamer force-pushed the bdehamer/provenance-attestations branch from e7f8fc4 to 43f3f00 Compare March 20, 2024 00:58
@wraithgar
Copy link
Member

wraithgar commented Mar 20, 2024

Looks good. We probably either want to re-state this here or link to this page from there.

@wraithgar wraithgar changed the title add info about verifying provenance attestations feat: add info about verifying provenance attestations Mar 20, 2024
@wraithgar wraithgar merged commit c45f1f3 into main Mar 20, 2024
@wraithgar wraithgar deleted the bdehamer/provenance-attestations branch March 20, 2024 14:21
@bdehamer bdehamer mentioned this pull request Mar 20, 2024
Merged
wraithgar pushed a commit to npm/cli that referenced this pull request Mar 20, 2024
@bdehamer
docs: update audit docs with provenance info (#7304)
9807caf 
Adds a note to the `audit` docs discussing the verification of
provenance attestations.

Per: npm/documentation#1010

Signed-off-by: Brian DeHamer <bdehamer@github.com>
@davidlj95 davidlj95 mentioned this pull request Mar 20, 2024
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wraithgar wraithgar wraithgar approved these changes

@MylesBorins MylesBorins Awaiting requested review from MylesBorins

@monishcm monishcm Awaiting requested review from monishcm

@lukekarrys lukekarrys Awaiting requested review from lukekarrys

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bdehamer @wraithgar