Unverified commit 70e980c9, authored by Mark Lodato, committed by GitHub

Merge pull request #10 from MarkLodato/main

Add link to slsa-controls repo.
parents 5dac8be9 590d60df
......@@ -24,8 +24,8 @@ standards, inspired by what Google does
aspects of security.
2. **Accreditation:** Process for organizations to certify compliance with
these standards.
3. **Technical controls:** To record provenance and detect or prevent
non-compliance.
3. **[Technical controls][slsa-controls]:** To record provenance and detect or
prevent non-compliance.
Ultimately, the software consumer decides whom to trust and what standards to
enforce. In this light, accreditation is a means to transfer trust across
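Review bot: In item 3 the new link relies on the reference label `[slsa-controls]`, which renders as literal bracket text unless a matching definition exists in the same file; that definition only arrives in the second hunk, so the two changes need to stay together in one commit. The link text "Technical controls" also gives no hint that it leaves this document for a separate repository; consider naming the slsa-controls repo in the sentence so readers know where the controls are tracked.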
......@@ -38,6 +38,8 @@ an accreditation process and technical controls over time. In the interim, these
levels can provide value as guidelines for how to secure a software supply
chain.
[slsa-controls]: https://github.com/slsa-framework/slsa-controls
## Principles
We suggest initially focusing on the following two main principles:
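Review bot: The `[slsa-controls]` definition sits mid-file, directly above `## Principles`, where it is easy to miss when the target needs updating. If this file collects link reference definitions in one place (commonly at the end), move it there; if it stays here, keep a blank line between `chain.` and the definition, because a definition that directly follows paragraph text is rendered as part of that paragraph instead of being parsed as a link target.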