Commit c19d98f

docs: add the SCORED paper to README.md (#604)
Signed-off-by: behnazh-w <[email protected]>
1 parent 43a9ecd commit c19d98f

1 file changed

+21
-1
lines changed

README.md

Lines changed: 21 additions & 1 deletion
@@ -21,6 +21,7 @@ To see the full list of supported technologies, such as CI services, registries,
2121
* [Getting started](#getting-started)
2222
* [How to Contribute](#how-to-contribute)
2323
* [Defining new checks](#defining-new-checks)
24+
* [Publications](#publications)
2425
* [Security issue reports](#security-issue-reports)
2526
* [License](#license)
2627

@@ -40,6 +41,25 @@ After cloning a repository, Macaron parses the CI configuration files and bash s
4041

4142
To learn how to define your own checks, see the steps in the [checks documentation](/src/macaron/slsa_analyzer/checks/README.md).
4243

44+
## Publications
45+
46+
* Behnaz Hassanshahi, Trong Nhan Mai, Alistair Michael, Benjamin Selwyn-Smith, Sophie Bates, and Padmanabhan Krishnan: [Macaron: A Logic-based Framework for Software Supply Chain Security Assurance](https://dl.acm.org/doi/abs/10.1145/3605770.3625213). SCORED 2023. Best paper award :trophy:
47+
```tex
48+
@inproceedings{10.1145/3605770.3625213,
49+
author = {Hassanshahi, Behnaz and Mai, Trong Nhan and Michael, Alistair and Selwyn-Smith, Benjamin and Bates, Sophie and Krishnan, Padmanabhan},
50+
title = {Macaron: A Logic-Based Framework for Software Supply Chain Security Assurance},
51+
year = {2023},
52+
isbn = {9798400702631},
53+
publisher = {Association for Computing Machinery},
54+
url = {https://doi.org/10.1145/3605770.3625213},
55+
doi = {10.1145/3605770.3625213},
56+
booktitle = {Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses},
57+
pages = {29–37},
58+
series = {SCORED'23}
59+
}
60+
```
61+
62+
4363
## Generating SLSA provenances for Macaron itself
4464

4565
We have integrated [SLSA provenance generation](https://github.com/slsa-framework/slsa-github-generator) for our Docker image and release artifacts. However, due to a strict policy regarding the use of third-party GitHub Actions, we cannot generate the provenances in this repository yet until [this issue](https://github.com/slsa-framework/slsa-github-generator/issues/2204) is resolved.
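
Review bot: In the added BibTeX entry, `pages = {29–37}` uses a Unicode en dash; the usual BibTeX form is an ASCII double hyphen, `pages = {29--37}`, which survives being pasted into a toolchain that is not UTF-8 clean. Two smaller points in the same hunk: the list item spells the title "Logic-based" while the entry's `title` field has "Logic-Based", so pick one casing, and the list item links to `dl.acm.org/doi/abs/...` while the entry's `url` uses `https://doi.org/10.1145/3605770.3625213`; using the doi.org form in both places keeps a single persistent link. The fence is tagged `tex`, where `bibtex` would describe the content more accurately. The hunk also adds two blank lines before `## Generating SLSA provenances for Macaron itself` where the surrounding sections use one.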
@@ -50,5 +70,5 @@ Please consult the [security guide](./SECURITY.md) for our responsible security
5070

5171
## License
5272

53-
Copyright (c) 2022, 2023 Oracle and/or its affiliates.
73+
Copyright (c) 2022, 2024 Oracle and/or its affiliates.
5474
Macaron is licensed under the [Universal Permissive License (UPL), Version 1.0](./LICENSE.txt).
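
Review bot: The copyright line in the License section changes from `2022, 2023` to `2022, 2024`, but the commit subject ("docs: add the SCORED paper to README.md") only mentions the publication entry. Note the year update in the commit body, or put it in its own commit, so that someone searching the history for copyright changes can find it.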
