From e40eecdce0c2ce9e9701606c41871c9736a3ed00 Mon Sep 17 00:00:00 2001 From: Matt Travi Date: Fri, 11 Aug 2023 15:40:18 -0500 Subject: [PATCH] docs(gitlab): highlighted that GitLab CI is now a supported CI provider for provenance --- docs/recipes/ci-configurations/gitlab-ci.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/recipes/ci-configurations/gitlab-ci.md b/docs/recipes/ci-configurations/gitlab-ci.md index f6cece60..c6b91f5b 100644 --- a/docs/recipes/ci-configurations/gitlab-ci.md +++ b/docs/recipes/ci-configurations/gitlab-ci.md @@ -6,6 +6,11 @@ The [Authentication](../../usage/ci-configuration.md#authentication) environment **Note**: Make sure to configure your release branch as [protected](https://docs.gitlab.com/ce/user/project/protected_branches.html) in order for the CI/CD build to access the protected variables. +## npm provenance + +Since GitLab CI is a [supported provider](https://docs.npmjs.com/generating-provenance-statements#provenance-limitations) for [npm provenance](https://docs.npmjs.com/generating-provenance-statements), it is recommended to enable this to increase supply-chain security for your npm packages. +Find more detail about configuring npm to publish with provenance through semantic-release [in the documentation for our npm plugin](https://github.com/semantic-release/npm#npm-provenance). + ## Node project configuration GitLab CI supports [Pipelines](https://docs.gitlab.com/ee/ci/pipelines.html) allowing to test on multiple Node versions and publishing a release only when all test pass.
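Review bot: In the added `## npm provenance` section, "it is recommended to enable this" has no clear referent and leaves every GitLab-specific step to the linked npm plugin README. Suggest naming the thing directly ("enabling provenance is recommended") and adding one sentence that says either what has to change in the GitLab pipeline or that nothing is needed beyond the plugin setting, so a reader of this recipe does not have to leave the page to find out. The "supported provider" link also points at the `#provenance-limitations` anchor. If that section is where npm lists supported CI providers, the link text should say so, since a "limitations" anchor under a support claim is easy to misread.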