From d73383d27f773f9dcae14b676c755b42d4495149 Mon Sep 17 00:00:00 2001 From: Matt Travi Date: Fri, 11 Aug 2023 17:16:23 -0500 Subject: [PATCH] Add GitLab CI to the list of supported CI providers for provenance (#686) --- .../securing-your-code/generating-provenance-statements.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/packages-and-modules/securing-your-code/generating-provenance-statements.mdx b/content/packages-and-modules/securing-your-code/generating-provenance-statements.mdx index fb2b141b1b8..2a34da9f8b1 100644 --- a/content/packages-and-modules/securing-your-code/generating-provenance-statements.mdx +++ b/content/packages-and-modules/securing-your-code/generating-provenance-statements.mdx 
@@ -26,7 +26,7 @@ The transparency log service provides a public, verifiable, tamper-evident ledge ## Provenance limitations -- In order to publish a package with provenance, you must build your package with a supported cloud CI/CD provider using a cloud-hosted runner from a public source repository. Today this includes GitHub Actions, and we are collaborating with additional providers to expand support. For more information on how to establish provenance using GitHub Actions, see "[Publishing packages with provenance via GitHub Actions][publishing-with-provenance]." +- In order to publish a package with provenance, you must build your package with a supported cloud CI/CD provider using a cloud-hosted runner from a public source repository. Today this includes GitHub Actions and GitLab CI, and we are collaborating with additional providers to expand support. For more information on how to establish provenance using GitHub Actions, see "[Publishing packages with provenance via GitHub Actions][publishing-with-provenance]." - When a package in the npm registry has established provenance, it does not guarantee the package has no malicious code. Instead, npm provenance provides a verifiable link to the package's source code and build instructions, which developers can then audit and determine whether to trust it or not. For more information, see "[Searching for and choosing packages to download][provenance-info]." ## Prerequisites
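Review bot: the updated bullet now names GitLab CI as a supported provider, but the sentence that follows it still only points readers to the GitHub Actions guide ("For more information on how to establish provenance using GitHub Actions, see ..."), so there is no documentation for the newly listed provider. Either add a parallel pointer for GitLab CI (e.g. "For more information on how to establish provenance using GitLab CI, see ..." with a matching reference link) or reword the sentence so it is clear the linked guide covers GitHub Actions only and GitLab CI setup is documented elsewhere.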