Skip to content

Commit bac9fb7

Browse files
TomHennenTomHennen
authored
source-tool isn't a PoC anymore (#325)
It's still in development though. Updates README.md to bring it up to date with the current state of the project. Also changed one old link from slsa-source-poc to source-tool. Signed-off-by: Tom Hennen <[email protected]>
1 parent af7518e commit bac9fb7

File tree

2 files changed

+11
-17
lines changed

2 files changed

+11
-17
lines changed

GETTING_STARTED.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -100,7 +100,7 @@ will be enabled through a regular pull request.
100100
#### 2. Download sourcetool
101101

102102
Download the `sourcetool` binary for your local architecture from the [GitHub
103-
releases page](https://github.com/slsa-framework/slsa-source-poc/releases/latest).
103+
releases page](https://github.com/slsa-framework/source-tool/releases/latest).
104104

105105
## Authorize Sourcetool to Access your Repositories
106106

README.md

Lines changed: 10 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,6 @@
1-
# slsa-source-poc
1+
# source tool
22

3-
A proof-of-concept for how the SLSA Source Track could be implemented.
4-
5-
The code in this repository should not be relied upon for production purposes.
3+
A tool that helps users implement the SLSA Source Track.
64

75
Status: in development
86

@@ -13,18 +11,14 @@ this tool meets the SLSA Source Requirements.
1311

1412
[DESIGN.md](docs/DESIGN.md) explains more specifically how the system works.
1513

16-
## Components
17-
18-
[compute_slsa_source.yml](.github/workflows/compute_slsa_source.yml) is a reusable workflow that
19-
is calculates a SLSA source level and produces 'source provenance' and a 'verification summary'
20-
for the revision (commit) that was just pushed.
21-
22-
[local_attest.yml](.github/workflows/local_attest.yml) is a local workflow that invokes compute_slsa_source.yml.
14+
[GETTING_STARTED.md](GETTING_STARTED.md) explains how to get started using the tool.
2315

24-
[slsa_with_provenance](actions/slsa_with_provenance/action.yml) is a GitHub Action that does most
25-
of the work.
16+
## Related repositories
2617

27-
[get_note](actions/get_note/action.yml) is a GitHub Action that gets a git note from a commit.
18+
[source-actions](https://github.com/slsa-framework/source-actions) the GitHub Actions
19+
used with source-tool to implement SLSA Source Track requirements within GitHub
20+
projects.
2821

29-
[store_note](actions/store_note/action.yml) is a GitHub Action that stores a git note for
30-
a commit.
22+
[source-policies](https://github.com/slsa-framework/source-policies) stores each GitHub
23+
project's 'policy' which details the SLSA Source Level and other controls implemented
24+
by that repository.

0 commit comments

Comments
 (0)