Commit 99a105bd authored by Mark Lodato

Prefer relative links to simplify the content.

This fixes the pages when rendered on GitHub and generally makes
the source easier to read.

Signed-off-by: Mark Lodato <lodato@google.com>
parent 2919f7d0
......@@ -61,7 +61,7 @@ levels:
</div>
</div>
<div class="my-16 w-full">
<img class="mx-auto w-full md:w-3/4" src="{{ site.baseurl }}/images/supply-chain-threats.svg" alt="supply chain full threats image" />
<img class="mx-auto w-full md:w-3/4" src="../../images/supply-chain-threats.svg" alt="supply chain full threats image" />
</div>
</div>
<div class="wrapper inner w-full">
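Review bot: the new `src="../../images/supply-chain-threats.svg"` hard-codes that this page sits exactly two levels below the site root, which the `{{ site.baseurl }}` form did not depend on. If the page is moved or served at a different depth, the image breaks without any build error. Consider running a link checker over the generated site in CI so that a wrong `../` count is caught before publishing.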
......@@ -99,7 +99,7 @@ levels:
<p>There’s more to security than just protection against tampering. From vulnerability management and fuzzing to testing and developer trust, many of these require solutions where effort’s focused on the source. That’s where SLSA complements your wider security efforts, giving you confidence that the code you run is the code you analyzed.</p>
</div>
<div class="w-full md:w-1/2">
<img class="mx-auto" src="{{ site.baseurl }}/images/SLSA-SBOM.svg" alt="How it fits into the security ecosystem image" />
<img class="mx-auto" src="../../images/SLSA-SBOM.svg" alt="How it fits into the security ecosystem image" />
</div>
</div>
</div>
......@@ -121,7 +121,7 @@ levels:
<p>SLSA’s requirements look at the three general main areas involved in a software artifact’s creation, and where vulnerabilities target - the build, the source, and the dependencies. As the levels scale up, they show that work’s been done to assure there’s more integrity in each area, which can be helpful in scenario planning.</p>
</div>
<div class="w-full md:w-1/3 mx-auto">
<img src="{{ site.baseurl }}/images/badge-exploded.svg" alt="SLSA levels badge">
<img src="../../images/badge-exploded.svg" alt="SLSA levels badge">
</div>
</div>
<div class="flex flex-wrap md:flex-row justify-between items-start mt-16 md:-ml-4 md:-mr-4">
......
......@@ -87,7 +87,7 @@ _○ = required unless there is a justification_
Attacks can occur at every link in a typical software supply chain, and these kinds of attacks are increasingly public, disruptive and costly in today’s environment. In developing SLSA, the requirements for each level are designed to specifically mitigate the risk of such known examples. For a much deeper technical analysis of the risks and how SLSA mitigates them, see [Threats and mitigations](threats.md).
![Supply Chain Threats]({{ site.baseurl }}/images/supply-chain-threats.svg)
![Supply Chain Threats](../../images/supply-chain-threats.svg)
Many recent high-profile attacks were consequences of supply-chain integrity vulnerabilities, and could have been prevented by SLSA's framework. For example:
......
......@@ -21,7 +21,7 @@ SLSA is a set of incrementally adoptable security guidelines, established by ind
SLSA's framework addresses every step of the software supply chain - the sequence of steps resulting in the creation of an artifact. We represent a supply chain as a [directed acyclic graph](https://en.wikipedia.org/wiki/Directed_acyclic_graph) of sources, builds, dependencies, and packages. One artifact's supply chain is a combination of its dependencies' supply chains plus its own sources and builds.
![Software Supply Chain Model]({{ site.baseurl }}/images/supply-chain-model.svg)
![Software Supply Chain Model](../../images/supply-chain-model.svg)
| Term | Description | Example |
| --- | --- | --- |
......@@ -314,7 +314,7 @@ accepts. The format SHOULD be in-toto [SLSA Provenance],
but another format MAY be used if both producer and consumer agree and it meets
all the other requirements.
[SLSA Provenance]: {{site.baseurl}}/provenance
[SLSA Provenance]: ../../provenance
<td><td><td><td>
<tr id="authenticated">
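Review bot: the reference definition `[SLSA Provenance]: ../../provenance` has no file extension, while a context line in another hunk of this patch links `[Threats and mitigations](threats.md)` with one. Since the commit message says the change is meant to fix rendering on GitHub, please confirm that `../../provenance` resolves to something browsable in the repository view and not only on the generated site. If the target is a single Markdown file, linking it with its extension would match the `threats.md` style.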
......
......@@ -25,7 +25,7 @@ The goals of this document are to:
## Definition of integrity
![Supply Chain Threats]({{ site.baseurl }}/images/supply-chain-threats.svg)
![Supply Chain Threats](../../images/supply-chain-threats.svg)
Our goal is to provide software supply chain integrity, but we first need to
define "integrity." Within SLSA, we divide integrity into two main areas:
......
......@@ -16,7 +16,7 @@ order: 0
<p>We rely on feedback from other organizations to evolve SLSA and be more useful to more people. We’d love to hear your experiences using it, and welcome all contributions, challenges and collaboration.</p>
</div>
<div class="md:w-5/12 w-full flex justify-center md:justify-end">
<img class="w-3/4 pl-6 mt-12" src="{{ site.baseurl }}/images/slsa-dancing-goose-logo.svg" alt="SLSA dancing goose image">
<img class="w-3/4 pl-6 mt-12" src="images/slsa-dancing-goose-logo.svg" alt="SLSA dancing goose image">
</div>
</div>
<div class="flex flex-wrap justify-center items-center w-6/7 mt-8 mx-auto md:-mr-5 md:-ml-5">
......@@ -41,7 +41,7 @@ order: 0
</div>
</section>
<section class="section relative bg-green-transparent flex justify-center items-center overflow-hidden">
<img class="object-cover absolute w-full h-full z-0" src="{{ site.baseurl }}/images/community-bg.png" alt="Community background image">
<img class="object-cover absolute w-full h-full z-0" src="images/community-bg.png" alt="Community background image">
<div class="bg-light-green h-full rounded-lg p-10 z-10 w-4/5 md:w-2/3 mx-auto">
<p class="font-bold h3 mb-6">“SLSA’s really the first of its kind, a framework for supply chain and build integrity. What sets it apart is the thriving community behind it, and it’s resonating with different organizations.”</p>
<p class="font-semibold h4 mb-0.5">Kim Lewandowski</p>
......
......@@ -31,9 +31,9 @@ order: 0
<p class="h4 font-bold mb-6">Steps</p>
<ul class="list-decimal mt-6 mb-10 pl-6">
<li>If you don't already use a build service or CI/CD, we recommend you set one up. This is not strictly required but it makes the following steps easier and is needed for higher levels. Consider using a service that is supported in the next step.</li>
<li>Generate <a href="{{ site.baseurl }}/provenance">provenance</a> during your build. The <a href="#tools">tools</a> below might be useful. If your build service is not listed there, consider creating a plugin to generate provenance.
<li>Generate <a href="provenance">provenance</a> during your build. The <a href="#tools">tools</a> below might be useful. If your build service is not listed there, consider creating a plugin to generate provenance.
<li>Make the provenance available to your consumers. We don't yet have a standard convention for this. Best practises will develop as SLSA becomes more popular and we get more experience.</li>
<li>You’re Level 1! Add the <a href="{{ site.baseurl }}/images/SLSA-Badge-full-level1.svg">SLSA Level 1 badge</a> to your project's readme.</li>
<li>You’re Level 1! Add the <a href="images/SLSA-Badge-full-level1.svg">SLSA Level 1 badge</a> to your project's readme.</li>
</ul>
<p class="h4 font-bold mb-6" id="tools">Tools</p>
<ul class="list-disc mt-6 pl-6">
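Review bot: the changed `<li>Generate <a href="provenance">provenance</a> ...` line still has no closing `</li>`, unlike the other three items in this list. Since the line is being touched anyway, add `</li>` at its end. The next context line also reads "Best practises", where other pages in this patch use "best practices".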
......
......@@ -55,7 +55,7 @@ testimonials:
<!-- Hero -->
<section class="hero home flex justify-center items-center relative">
<video class="absolute object-cover h-full w-full z-0" autoplay muted loop>
<source src="{{ site.baseurl }}/images/v1.mp4" type="video/mp4">
<source src="images/v1.mp4" type="video/mp4">
Your browser does not support the video tag.
</video>
<div class="wrapper inner text-green z-20">
......@@ -72,7 +72,7 @@ testimonials:
<p>It’s a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises. It’s how you get from safe enough to being as resilient as possible, at any link in the chain.</p>
</div>
<div class="w-full md:w-1/3 md:mt-0 mt-8">
<img src="{{ site.baseurl }}/images/logo-mono.svg" alt="SLSA logo mark mono version">
<img src="images/logo-mono.svg" alt="SLSA logo mark mono version">
</div>
</div>
</div>
......@@ -85,10 +85,10 @@ testimonials:
</div>
<div class="w-full md:w-1/2 md:mt-0 mt-8">
<p>Any software can introduce vulnerabilities into a supply chain. As a system gets more complex, it’s critical to already have checks and best practices in place to guarantee artifact integrity, that the source code you’re relying on is the code you’re actually using. Without solid foundations and a plan for the system as it grows, it’s difficult to focus your efforts against tomorrow’s next hack, breach or compromise.</p>
<a href="{{ site.baseurl }}/spec/{{ site.current_spec_version }}/#supply-chain-threats" class="cta-link h5 font-semibold mt-8">More about supply chain attacks</a>
<a href="spec/{{ site.current_spec_version }}/#supply-chain-threats" class="cta-link h5 font-semibold mt-8">More about supply chain attacks</a>
</div>
</div>
<img class="mt-16 mx-auto w-full md:w-3/4" src="{{ site.baseurl }}/images/SupplyChainDiagram.svg" alt="the supply chain problem image">
<img class="mt-16 mx-auto w-full md:w-3/4" src="images/SupplyChainDiagram.svg" alt="the supply chain problem image">
</div>
</section>
<section class="section bg-pastel-green flex flex-col justify-center items-center">
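Review bot: `href="spec/{{ site.current_spec_version }}/#supply-chain-threats"` still contains a Liquid variable, so this link will not resolve when the source is viewed on GitHub, which is the motivation the commit message gives. That may be acceptable for a version-dependent link, but it is worth stating in the commit message so that the remaining `{{ ... }}` is not read as an oversight.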
......@@ -98,10 +98,10 @@ testimonials:
<h4 class="h2 mb-8">Levels of assurance</h4>
<p>SLSA levels are like a common language to talk about how secure software, supply chains and their component parts really are. From source to system, the levels blend together industry-recognized best practices to create four compliance levels of increasing assurance.
These look at the builds, sources and dependencies in open source or commercial software. Starting with easy, basic steps at the lower levels to build up and protect against advanced threats later, bringing SLSA into your work means prioritized, practical measures to prevent unauthorized modifications to software, and a plan to harden that security over time.</p>
<a href="{{ site.baseurl }}/spec/{{ site.current_spec_version }}/levels" class="cta-link h5 font-semibold mt-8">Read the level specifications</a>
<a href="spec/{{ site.current_spec_version }}/levels" class="cta-link h5 font-semibold mt-8">Read the level specifications</a>
</div>
<div class="w-full md:w-2/4 md:mt-0 mt-8 pl-12">
<img class="w-3/4 mx-auto" src="{{ site.baseurl }}/images/badge-exploded.svg" alt="SLSA levels badge">
<img class="w-3/4 mx-auto" src="images/badge-exploded.svg" alt="SLSA levels badge">
</div>
</div>
<div class="flex flex-wrap justify-between items-center mt-16 md:-ml-4 md:-mr-4">
......
......@@ -86,7 +86,7 @@ order: 0
<p class="h4">Example case studies</p>
<ul class="mt-6 mb-16 custom-list">
<li class="border-t border-b border-black-900">
<a class="p-0 m-0 text-green-dark w-full hover:no-underline" href="{{ site.baseurl }}/use-cases/publishing-a-software-package">
<a class="p-0 m-0 text-green-dark w-full hover:no-underline" href="use-cases/publishing-a-software-package">
<p class="h3 font-semibold flex items-center pt-8 pb-8">
<span class="mr-4">
<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0.896251 18C-0.298751 12.0505 -0.298752 5.94951 0.896249 -7.47629e-07C7.1285 2.02552 12.9429 5.081 18 9C12.9429 12.919 7.1285 15.9745 0.896251 18Z" fill="#40DB88"/></svg></span>
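Review bot: `href="use-cases/publishing-a-software-package"` has neither a leading slash nor a `../` prefix, so it resolves against whatever URL this page is served at. If the page is also reachable with a trailing slash, the browser will request the target underneath the page's own path. Please confirm the permalink form for this page, and check the same for the other three case-study links changed in this file.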
......@@ -95,7 +95,7 @@ order: 0
</a>
</li>
<li class="border-b border-black-900">
<a class="p-0 m-0 text-green-dark w-full hover:no-underline" href="{{ site.baseurl }}/use-cases/consuming-third-party-software">
<a class="p-0 m-0 text-green-dark w-full hover:no-underline" href="use-cases/consuming-third-party-software">
<p class="h3 font-semibold flex items-center pt-8 pb-8">
<span class="mr-4">
<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0.896251 18C-0.298751 12.0505 -0.298752 5.94951 0.896249 -7.47629e-07C7.1285 2.02552 12.9429 5.081 18 9C12.9429 12.919 7.1285 15.9745 0.896251 18Z" fill="#40DB88"/></svg></span>
......@@ -104,7 +104,7 @@ order: 0
</a>
</li>
<li class="border-b border-black-900">
<a class="p-0 m-0 text-green-dark w-full hover:no-underline" href="{{ site.baseurl }}/use-cases/package-repository-accepting-a-software-package">
<a class="p-0 m-0 text-green-dark w-full hover:no-underline" href="use-cases/package-repository-accepting-a-software-package">
<p class="h3 font-semibold flex items-center pt-8 pb-8">
<span class="mr-4">
<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0.896251 18C-0.298751 12.0505 -0.298752 5.94951 0.896249 -7.47629e-07C7.1285 2.02552 12.9429 5.081 18 9C12.9429 12.919 7.1285 15.9745 0.896251 18Z" fill="#40DB88"/></svg></span>
......@@ -113,7 +113,7 @@ order: 0
</a>
</li>
<li class="border-b border-black-900">
<a class="p-0 m-0 text-green-dark w-full hover:no-underline" href="{{ site.baseurl }}/example">
<a class="p-0 m-0 text-green-dark w-full hover:no-underline" href="example">
<p class="h3 font-semibold flex items-center pt-8 pb-8">
<span class="mr-4">
<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0.896251 18C-0.298751 12.0505 -0.298752 5.94951 0.896249 -7.47629e-07C7.1285 2.02552 12.9429 5.081 18 9C12.9429 12.919 7.1285 15.9745 0.896251 18Z" fill="#40DB88"/></svg></span>
......