From 01a55cdb0d53ab596203c6d458706121648509f9 Mon Sep 17 00:00:00 2001 From: Tom Hennen Date: Fri, 20 Sep 2024 15:00:55 +0200 Subject: [PATCH] Update docs/spec/draft/source-requirements.md Co-authored-by: Aditya Sirish <8928778+adityasaky@users.noreply.github.com> Signed-off-by: Tom Hennen --- docs/spec/draft/source-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/spec/draft/source-requirements.md b/docs/spec/draft/source-requirements.md index 9176aed75..b0b818e97 100644 --- a/docs/spec/draft/source-requirements.md +++ b/docs/spec/draft/source-requirements.md @@ -275,7 +275,7 @@ MAY include additional properties as asserted by the verifier. The verifier MUS 6. `dependencyLevels` MAY be empty as source revisions are typically terminal nodes in a supply chain. Verifiers MAY issue these attestations based on their understanding of the underlying system (e.g. based on design docs, security reviews, etc...), -but at SLSA Source Level 3 MUST used tamper-proof [full attestations](#full-attestations) appropriate to their SCP when making the assessment. +but at SLSA Source Level 3 MUST used tamper-proof [provenance attestations](#provenance-attestations) appropriate to their SCP when making the assessment. The SLSA source track MAY create additional tags to include in `verifiedLevels` which attest to other properties of a revision (e.g. if it was code reviewed). All SLSA source tags will start with `SLSA_SOURCE_`.
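Review bot: the added line in the `@@ -275,7 +275,7 @@` hunk carries over the grammatical error "MUST used" from the line it replaces. Since this normative sentence is being touched anyway, change it to "but at SLSA Source Level 3 MUST use tamper-proof [provenance attestations](#provenance-attestations) ...", so the RFC 2119 keyword reads as a requirement. The link target also changes from `#full-attestations` to `#provenance-attestations`, and nothing in this one-line diff shows a heading with that anchor in `docs/spec/draft/source-requirements.md`. Confirm the section was renamed in this file and that no other references to `#full-attestations` remain, otherwise the Level 3 requirement will point at a dead anchor.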