Commit 30f09ef

Convert terminology table to Markdown
1 parent 0733525 commit 30f09ef

1 file changed

+7
-39
lines changed

README.md

+7-39
@@ -107,45 +107,13 @@ dependencies' supply chains plus its own sources and builds.
107107

108108
![Software Supply Chain Model](images/supply-chain-model.svg)
109109

110-
<table>
111-
<thead>
112-
<tr>
113-
<th>Term
114-
<th>Description
115-
<th>Example
116-
</tr>
117-
</thead>
118-
<tbody>
119-
<tr>
120-
<th>Artifact
121-
<td>An immutable blob of data; primarily refers to software, but SLSA can be used for any artifact
122-
<td>A file, a git commit, a directory of files (serialized in some way), a container image, a firmware image.
123-
</tr>
124-
<tr>
125-
<th>Source
126-
<td>Artifact that was directly authored or reviewed by persons, without modification. It is the beginning of the supply chain; we do not trace the provenance back any further.
127-
<td>Git commit (source) hosted on GitHub (platform).
128-
</tr>
129-
<tr>
130-
<th>Build
131-
<td>Process that transforms a set of input artifacts into a set of output artifacts. The inputs may be sources, dependencies, or ephemeral build outputs.
132-
<td>.travis.yml (process) run by Travis CI (platform).
133-
</tr>
134-
<tr>
135-
<th>Package
136-
<td>Artifact that is "published" for use by others. In the model, it is
137-
always the output of a build process, though that build process can be a
138-
no-op.
139-
<td>Docker image (package) distributed on DockerHub (platform).
140-
</tr>
141-
<tr>
142-
<th>Dependency
143-
<td>Artifact that is an input to a build process but that is not a source. In
144-
the model, it is always a package.
145-
<td>Alpine package (package) distributed on Alpine Linux (platform).
146-
</tr>
147-
</tbody>
148-
</table>
110+
| Term | Description | Example |
111+
|------|-------------|---------|
112+
| Artifact | An immutable blob of data; primarily refers to software, but SLSA can be used for any artifact. | A file, a git commit, a directory of files (serialized in some way), a container image, a firmware image. |
113+
| Source | Artifact that was directly authored or reviewed by persons, without modification. It is the beginning of the supply chain; we do not trace the provenance back any further. | Git commit (source) hosted on GitHub (platform). |
114+
| Build | Process that transforms a set of input artifacts into a set of output artifacts. The inputs may be sources, dependencies, or ephemeral build outputs. | .travis.yml (process) run by Travis CI (platform). |
115+
| Package | Artifact that is "published" for use by others. In the model, it is always the output of a build process, though that build process can be a no-op. | Docker image (package) distributed on DockerHub (platform). |
116+
| Dependency | Artifact that is an input to a build process but that is not a source. In the model, it is always a package. | Alpine package (package) distributed on Alpine Linux (platform). |
149117

150118
Special cases:
151119
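
Review bot: The Term column loses its row-header semantics in the added Markdown rows. The removed HTML marked each term with `<th>` (`<th>Artifact`, `<th>Source`, and so on), while the new rows put the term in an ordinary cell, so it no longer renders as a header. Consider bolding the terms, for example `| **Artifact** | ...`, to keep them visually distinct from the descriptions. Two smaller points: the Artifact description gains a trailing period ("any artifact" becomes "any artifact."), which is a wording change inside a formatting commit and worth mentioning in the commit message; and `.travis.yml` in the Build row would read better in backticks now that the cell is Markdown.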
