npm and Sigstore: Provenance Comes to the World's Largest OSS Ecosystem

Uploaded By: Myvideo

At GitHub, we've been hard at work over the last year on a project to secure the JavaScript ecosystem by building provenance directly into first-party tooling and partnering with Sigstore to make software signing easy and ubiquitous. GitHub-owned npm is the de facto standard package system for JavaScript, which is the world's largest language ecosystem by lines of code. Serving over 70 billion requests per month and accepting around 40k publish events in the average day, npm is popular enough that it's seen more than its fair share of malware attacks and supply chain trojans in the recent past....

By: Trevor Rosen, Zach Steindler

Full Abstract and Presentation Materials: #npm-and-sigstore-provenance-comes-to-the-worlds-largest-oss-ecosystem-32893
