← Home

@opentelemetry/semantic-conventions

OpenTelemetry semantic conventions

78
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

dyladanpichlermarcoverbalancenpmjs-accounttrentmmartinkuba

Keywords

opentelemetrynodejstracingattributessemantic conventions

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Transition from individual maintainer (dyladan) to GitHub Actions CI/CD publishing with SLSA provenance; standard for OpenTelemetry project. ai

Versions (showing 78 of 78)

Version Deps Published
1.43.0 0 / 13
1.42.0 0 / 13
1.41.1 0 / 13
1.40.0 0 / 13
1.39.0 0 / 13
1.38.0 0 / 13
1.37.0 0 / 14
1.36.0 0 / 15
1.35.0 0 / 15
1.34.0 0 / 15
1.33.1 0 / 15
1.33.0 0 / 15
1.32.0 0 / 15
1.31.0 0 / 15
1.30.0 0 / 15
1.29.0 0 / 15
1.28.0 0 / 15
1.27.0 0 / 16
1.26.0 0 / 16
1.25.1 0 / 17
1.25.0 0 / 17
1.24.1 0 / 17
1.24.0 0 / 17
1.23.0 0 / 17
1.22.0 0 / 17
1.21.0 0 / 12
1.20.0 0 / 12
1.19.0 0 / 12
1.18.1 0 / 12
1.18.0 0 / 12
1.17.1 0 / 12
1.17.0 0 / 12
1.16.0 0 / 12
1.15.2 0 / 12
1.15.1 0 / 12
1.15.0 1 / 12
1.14.0 0 / 10
1.13.0 0 / 10
1.12.0 0 / 11
1.11.0 0 / 11
1.10.1 0 / 11
1.10.0 0 / 11
1.9.1 0 / 11
1.9.0 0 / 11
1.8.0 0 / 11
1.7.0 0 / 11
1.6.0 0 / 11
1.5.0 0 / 11
1.4.0 0 / 11
1.3.1 0 / 11
1.3.0 0 / 11
1.2.0 0 / 11
1.1.1 0 / 11
1.1.0 0 / 11
1.0.1 0 / 11
1.0.0 0 / 11
0.26.0 0 / 11
0.25.0 0 / 11
0.24.0 0 / 11
0.23.0 0 / 12
0.22.0 0 / 12
0.21.0 0 / 12
0.20.0 0 / 12
0.19.0 0 / 13
0.18.2 0 / 13
0.18.1 0 / 13
0.18.0 0 / 13
0.17.0 0 / 13
0.16.0 0 / 13
0.15.0 0 / 13
0.14.0 0 / 13
0.13.0 0 / 13
0.12.0 0 / 13
0.11.0 0 / 13
0.10.2 0 / 13
0.10.1 0 / 13
0.10.0 0 / 13
0.9.0 0 / 13

v1.43.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.42.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.26.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.25.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.24.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.23.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.22.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.21.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.20.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.19.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.17.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.16.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.15.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.