From 30f09ef86b546c81901167060f9cb6dbd55f2e8a Mon Sep 17 00:00:00 2001 From: Joshua Lock Date: Mon, 5 Jul 2021 15:52:39 +0100 Subject: [PATCH] Convert terminology table to Markdown --- README.md | 46 +++++++--------------------------------------- 1 file changed, 7 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index be697ef5e..bcc5ccf0d 100644 --- a/README.md +++ b/README.md @@ -107,45 +107,13 @@ dependencies' supply chains plus its own sources and builds. ![Software Supply Chain Model](images/supply-chain-model.svg) - - - - - - - - - - - - - - - - - -
Term - Description - Example -
Artifact - An immutable blob of data; primarily refers to software, but SLSA can be used for any artifact - A file, a git commit, a directory of files (serialized in some way), a container image, a firmware image. -
Source - Artifact that was directly authored or reviewed by persons, without modification. It is the beginning of the supply chain; we do not trace the provenance back any further. - Git commit (source) hosted on GitHub (platform). -
Build - Process that transforms a set of input artifacts into a set of output artifacts. The inputs may be sources, dependencies, or ephemeral build outputs. - .travis.yml (process) run by Travis CI (platform). -
Package - Artifact that is "published" for use by others. In the model, it is - always the output of a build process, though that build process can be a - no-op. - Docker image (package) distributed on DockerHub (platform). -
Dependency - Artifact that is an input to a build process but that is not a source. In - the model, it is always a package. - Alpine package (package) distributed on Alpine Linux (platform). -
+| Term | Description | Example | +|------|-------------|---------| +| Artifact | An immutable blob of data; primarily refers to software, but SLSA can be used for any artifact. | A file, a git commit, a directory of files (serialized in some way), a container image, a firmware image. | +| Source | Artifact that was directly authored or reviewed by persons, without modification. It is the beginning of the supply chain; we do not trace the provenance back any further. | Git commit (source) hosted on GitHub (platform). | +| Build | Process that transforms a set of input artifacts into a set of output artifacts. The inputs may be sources, dependencies, or ephemeral build outputs. | .travis.yml (process) run by Travis CI (platform). | +| Package | Artifact that is "published" for use by others. In the model, it is always the output of a build process, though that build process can be a no-op. | Docker image (package) distributed on DockerHub (platform). | +| Dependency | Artifact that is an input to a build process but that is not a source. In the model, it is always a package. | Alpine package (package) distributed on Alpine Linux (platform). | Special cases:
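Review bot: The Artifact row of the added table ends its description with a period ("SLSA can be used for any artifact.") that the removed HTML cell did not have, so this is not a pure format conversion. The change is harmless and makes the column consistent, but the commit message has only a subject line and should mention it. In the Build row, `.travis.yml` could be wrapped in backticks now that the table is Markdown, so it renders as a filename. Each row is now a single long line, so any later wording change will show up as a whole-row replacement in diffs. That is an acceptable trade-off for dropping 39 lines of HTML, but future edits must keep literal `|` characters out of cell text because they would split the cell.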