Philip Harrison
Software engineer on the package security team at GitHub, helping secure open source packages. Previously worked on automating dependency updates with Dependabot.
Sessions
10-27
11:40
25min
Build provenance for package registries
Philip Harrison
Lessons learned from adding build provenance to the npm registry: linking npm packages back to their originating source code and build instructions using cloud CI/CD, Sigstore and SLSA.
Main stage