diff --git a/PROVENANCE.md b/PROVENANCE.md new file mode 100644 index 0000000000..2698c41a3d --- /dev/null +++ b/PROVENANCE.md @@ -0,0 +1,7 @@ +## Verifying SDK build provenance with the SLSA framework + +LaunchDarkly uses the [SLSA framework](https://slsa.dev/spec/v1.0/about) (Supply-chain Levels for Software Artifacts) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages. + +As part of [SLSA requirements for level 3 compliance](https://slsa.dev/spec/v1.0/requirements), LaunchDarkly publishes provenance attestations about our SDK package builds to npm for distribution alongside our packages. + +For npm packages that are published with provenance, npm automatically [verifies the authenticity of the package using Sigstore](https://docs.npmjs.com/generating-provenance-statements#about-npm-provenance). diff --git a/packages/sdk/akamai-base/README.md b/packages/sdk/akamai-base/README.md index b68175a5cb..eb71a6a653 100644 --- a/packages/sdk/akamai-base/README.md +++ b/packages/sdk/akamai-base/README.md @@ -30,6 +30,10 @@ yarn && yarn build && cd packages/sdk/akamai-base yarn test ``` +## Verifying SDK build provenance with the SLSA framework + +LaunchDarkly uses the [SLSA framework](https://slsa.dev/spec/v1.0/about) (Supply-chain Levels for Software Artifacts) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages. To learn more, see the [provenance guide](PROVENANCE.md). + ## About LaunchDarkly - LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can: diff --git a/packages/sdk/akamai-edgekv/README.md b/packages/sdk/akamai-edgekv/README.md index d9f2660028..b2598d3abf 100644 
--- a/packages/sdk/akamai-edgekv/README.md +++ b/packages/sdk/akamai-edgekv/README.md @@ -30,6 +30,10 @@ yarn && yarn build && cd packages/sdk/akamai-edgekv yarn test ``` +## Verifying SDK build provenance with the SLSA framework + +LaunchDarkly uses the [SLSA framework](https://slsa.dev/spec/v1.0/about) (Supply-chain Levels for Software Artifacts) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages. To learn more, see the [provenance guide](PROVENANCE.md). + ## About LaunchDarkly - LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can: diff --git a/packages/sdk/cloudflare/README.md b/packages/sdk/cloudflare/README.md index 2eb4683471..c9bc19733b 100644 --- a/packages/sdk/cloudflare/README.md +++ b/packages/sdk/cloudflare/README.md @@ -59,6 +59,10 @@ yarn && yarn build && cd packages/sdk/cloudflare yarn test ``` +## Verifying SDK build provenance with the SLSA framework + +LaunchDarkly uses the [SLSA framework](https://slsa.dev/spec/v1.0/about) (Supply-chain Levels for Software Artifacts) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages. To learn more, see the [provenance guide](PROVENANCE.md). + ## About LaunchDarkly - LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can: diff --git a/packages/sdk/react-native/README.md b/packages/sdk/react-native/README.md index c896f59e21..cff58ab1b7 100644 --- a/packages/sdk/react-native/README.md +++ b/packages/sdk/react-native/README.md 
@@ -98,6 +98,10 @@ echo "MOBILE_KEY=mob-abc" >> packages/sdk/react-native/example/.env yarn && yarn ios-go ``` +## Verifying SDK build provenance with the SLSA framework + +LaunchDarkly uses the [SLSA framework](https://slsa.dev/spec/v1.0/about) (Supply-chain Levels for Software Artifacts) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages. To learn more, see the [provenance guide](PROVENANCE.md). + ## About LaunchDarkly - LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can: diff --git a/packages/sdk/server-node/README.md b/packages/sdk/server-node/README.md index 76a95331fe..98a431dd78 100644 --- a/packages/sdk/server-node/README.md +++ b/packages/sdk/server-node/README.md @@ -36,6 +36,10 @@ We run integration tests for all our SDKs using a centralized test harness. This We encourage pull requests and other contributions from the community. Check out our [contributing guidelines](CONTRIBUTING.md) for instructions on how to contribute to this SDK. +## Verifying SDK build provenance with the SLSA framework + +LaunchDarkly uses the [SLSA framework](https://slsa.dev/spec/v1.0/about) (Supply-chain Levels for Software Artifacts) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages. To learn more, see the [provenance guide](PROVENANCE.md). + ## About LaunchDarkly - LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can: 
diff --git a/packages/sdk/vercel/README.md b/packages/sdk/vercel/README.md index 749a4d6384..a857d30f7e 100644 --- a/packages/sdk/vercel/README.md +++ b/packages/sdk/vercel/README.md @@ -66,6 +66,10 @@ yarn && yarn build && cd packages/sdk/vercel yarn test ``` +## Verifying SDK build provenance with the SLSA framework + +LaunchDarkly uses the [SLSA framework](https://slsa.dev/spec/v1.0/about) (Supply-chain Levels for Software Artifacts) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages. To learn more, see the [provenance guide](PROVENANCE.md). + ## About LaunchDarkly - LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can: diff --git a/packages/shared/common/README.md b/packages/shared/common/README.md index b17cb69e9d..6cf6a1be9d 100644 --- a/packages/shared/common/README.md +++ b/packages/shared/common/README.md @@ -12,6 +12,10 @@ This library is a beta version and should not be considered ready for production See [Contributing](../CONTRIBUTING.md). +## Verifying SDK build provenance with the SLSA framework + +LaunchDarkly uses the [SLSA framework](https://slsa.dev/spec/v1.0/about) (Supply-chain Levels for Software Artifacts) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages. To learn more, see the [provenance guide](PROVENANCE.md). + ## About LaunchDarkly - LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can: 
diff --git a/packages/shared/sdk-server-edge/README.md b/packages/shared/sdk-server-edge/README.md index 83d0aa0b16..ac4c23570c 100644 --- a/packages/shared/sdk-server-edge/README.md +++ b/packages/shared/sdk-server-edge/README.md @@ -12,6 +12,10 @@ This library is a beta version and should not be considered ready for production See [Contributing](../CONTRIBUTING.md). +## Verifying SDK build provenance with the SLSA framework + +LaunchDarkly uses the [SLSA framework](https://slsa.dev/spec/v1.0/about) (Supply-chain Levels for Software Artifacts) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages. To learn more, see the [provenance guide](PROVENANCE.md). + ## About LaunchDarkly - LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can: diff --git a/packages/shared/sdk-server/README.md b/packages/shared/sdk-server/README.md index ab14b2ce78..2a05f9e297 100644 --- a/packages/shared/sdk-server/README.md +++ b/packages/shared/sdk-server/README.md 
@@ -10,6 +10,10 @@ This project contains Typescript classes and interfaces that are applicable to s See [Contributing](../CONTRIBUTING.md). +## Verifying SDK build provenance with the SLSA framework + +LaunchDarkly uses the [SLSA framework](https://slsa.dev/spec/v1.0/about) (Supply-chain Levels for Software Artifacts) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages. To learn more, see the [provenance guide](PROVENANCE.md). + ## About LaunchDarkly - LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can: diff --git a/packages/store/node-server-sdk-dynamodb/README.md b/packages/store/node-server-sdk-dynamodb/README.md index 07aef68e0c..3447b66942 100644 --- a/packages/store/node-server-sdk-dynamodb/README.md +++ b/packages/store/node-server-sdk-dynamodb/README.md @@ -91,6 +91,10 @@ const factory = DynamoDBFeatureStore({ cacheTTL: 0 }); We encourage pull requests and other contributions from the community. Check out our [contributing guidelines](CONTRIBUTING.md) for instructions on how to contribute to this SDK. +## Verifying SDK build provenance with the SLSA framework + +LaunchDarkly uses the [SLSA framework](https://slsa.dev/spec/v1.0/about) (Supply-chain Levels for Software Artifacts) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages. To learn more, see the [provenance guide](PROVENANCE.md). + ## About LaunchDarkly - LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can: 
diff --git a/packages/store/node-server-sdk-redis/README.md b/packages/store/node-server-sdk-redis/README.md index ecaa55f000..b5ec68e489 100644 --- a/packages/store/node-server-sdk-redis/README.md +++ b/packages/store/node-server-sdk-redis/README.md @@ -66,6 +66,10 @@ const factory = RedisFeatureStoreFactory({ cacheTTL: 0 }); We encourage pull requests and other contributions from the community. Check out our [contributing guidelines](CONTRIBUTING.md) for instructions on how to contribute to this SDK. +## Verifying SDK build provenance with the SLSA framework + +LaunchDarkly uses the [SLSA framework](https://slsa.dev/spec/v1.0/about) (Supply-chain Levels for Software Artifacts) to help developers make their supply chain more secure by ensuring the authenticity and build integrity of our published SDK packages. To learn more, see the [provenance guide](PROVENANCE.md). + ## About LaunchDarkly - LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can:
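Review bot: The new PROVENANCE.md is titled "Verifying SDK build provenance with the SLSA framework", but its seven added lines contain no step a consumer can run; the last paragraph only says that npm verifies packages published with provenance automatically. Consider adding the concrete check, for example running `npm audit signatures` in a project that has the SDK installed, so the guide matches its title. The phrase "For npm packages that are published with provenance" also leaves open which packages in this repository are published that way; stating that explicitly would help readers who arrive from a package README.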
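Review bot: The link `[provenance guide](PROVENANCE.md)` added to every package README is relative to that README's own directory (for example packages/sdk/akamai-base/), but this patch creates PROVENANCE.md only at the repository root, so the link resolves to a file the patch does not add. All eleven READMEs touched here sit three directories below the root, so `../../../PROVENANCE.md` would reach the new file; an absolute URL to the root file is the alternative and keeps the link working wherever the README is rendered outside the repository.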