diff --git a/docs/spec/draft/source-requirements.md b/docs/spec/draft/source-requirements.md index 9176aed75..b0b818e97 100644 --- a/docs/spec/draft/source-requirements.md +++ b/docs/spec/draft/source-requirements.md @@ -275,7 +275,7 @@ MAY include additional properties as asserted by the verifier. The verifier MUS 6. `dependencyLevels` MAY be empty as source revisions are typically terminal nodes in a supply chain. Verifiers MAY issue these attestations based on their understanding of the underlying system (e.g. based on design docs, security reviews, etc...), -but at SLSA Source Level 3 MUST used tamper-proof [full attestations](#full-attestations) appropriate to their SCP when making the assessment. +but at SLSA Source Level 3 MUST used tamper-proof [provenance attestations](#provenance-attestations) appropriate to their SCP when making the assessment. The SLSA source track MAY create additional tags to include in `verifiedLevels` which attest to other properties of a revision (e.g. if it was code reviewed). All SLSA source tags will start with `SLSA_SOURCE_`.