Skip to content

Commit

Permalink
Update docs/spec/draft/source-requirements.md
Browse files Browse the repository at this point in the history 
Co-authored-by: Aditya Sirish <8928778+adityasaky@users.noreply.github.com>
Signed-off-by: Tom Hennen <TomHennen@users.noreply.github.com>
  • Loading branch information
@TomHennen @adityasaky
TomHennen and adityasaky committed Sep 20, 2024
1 parent fb001a4 commit 01a55cd
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/spec/draft/source-requirements.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -275,7 +275,7 @@ MAY include additional properties as asserted by the verifier. The verifier MUS
6. `dependencyLevels` MAY be empty as source revisions are typically terminal nodes in a supply chain.

Verifiers MAY issue these attestations based on their understanding of the underlying system (e.g. based on design docs, security reviews, etc...),
but at SLSA Source Level 3 MUST used tamper-proof [full attestations](#full-attestations) appropriate to their SCP when making the assessment.
but at SLSA Source Level 3 MUST used tamper-proof [provenance attestations](#provenance-attestations) appropriate to their SCP when making the assessment.

The SLSA source track MAY create additional tags to include in `verifiedLevels` which attest
to other properties of a revision (e.g. if it was code reviewed). All SLSA source tags will start with `SLSA_SOURCE_`.
Expand Down

0 comments on commit 01a55cd

Please sign in to comment.