The following template can be used to create new track pages for the SLSA specification:
SLSA Tracks Specification Template
This template outlines the content sections that are included in each track page. Because some track content is still in development, the pages are incomplete. When new information becomes available, it will need to coordinate with the existing content categories and be inserted into the relevant sections defined below.
Header Block
A header list should be included at the top of every track page in order to quickly identify what it includes and make it easier to navigate. This header block is a list of topics the user needs to know to determine if this page contains what they're looking for. New categories could be added as product needs evolve. The block currently includes:
-
About this page: introduces the subject of the page in one or two sentences. Keep it as lean as possible.
-
Intended audience: defines who is the reader of the page, so they don't waste their time on the wrong information.
-
Topics covered: summarizes general concepts that will be presented, but not the actual topic headings, because topic headings can be too vague or complicated for an introduction. Use concepts only.
-
Internet standards: provide whatever is applicable or required.
-
For more information: this can be optional and included when contributors suggest links.
Note: When a technical detail is unavailable for the header, a notation in curly braces can be used to indicate the status of the information.
Overview
After the header block, an Overview section should be provided that gives an introductory description that expands on the "About this page" summary. Add information of interest but no technical specifics that could get lost here. People seldom re-read an Overview, so all technical details of specifications and standards need to be located in other well-defined categories for convenient reference. The Overview content does not need to be thorough, just relevant, interesting, and easy to absorb.
Track Content Categories
The four SLSA tracks are: Build, Build Environment, Dependency, and Source. Each track has the same five types of specification content pages. Any new information will need to integrate into the old and corrections made. Duplicate the existing style if possible. The pages in every track are:
Basics
The Basics page introduces track-specific information with a little more technical detail than the Overview. More in-depth coverage will appear in later pages and should be identified with specific headings that are easy to idenfify. Links could be provided if necessary. Each Basic page should include:
- Track-specific terminology
- Track-specific concepts and/or models
- Track level summary
Requirements
This page needs to have all the level details, standards, and specification requirements presented in relevant tables, lists, and diagrams that readers can easily refer to repeatedly. Special care may need to be taken to provide clean, clear, consistent headings appropriate for each security level (levels 0 - 3).
Provenance
This page will define how the distribution and verification of Provenance metadata should be done using the SLSA attestation formats.
Verification
This page lists recommendations on how human inspectors should verify artifacts and their SLSA Provenance.
Assessment
This page needs to provide explanations of the parts of the underlying platform that consumers should assess with specific questions.
Control Examples
The only Control Examples are in the Source track at this time.
Missing Track Content
When track information is unavailable and still in development, add clarifying notations that explain to users what or why it's not there. For example, it may be helpful to say, "This information will be supplied when development is completed."
The following template can be used to create new track pages for the SLSA specification:
SLSA Tracks Specification Template
This template outlines the content sections that are included in each track page. Because some track content is still in development, the pages are incomplete. When new information becomes available, it will need to coordinate with the existing content categories and be inserted into the relevant sections defined below.
Header Block
A header list should be included at the top of every track page in order to quickly identify what it includes and make it easier to navigate. This header block is a list of topics the user needs to know to determine if this page contains what they're looking for. New categories could be added as product needs evolve. The block currently includes:
About this page: introduces the subject of the page in one or two sentences. Keep it as lean as possible.
Intended audience: defines who is the reader of the page, so they don't waste their time on the wrong information.
Topics covered: summarizes general concepts that will be presented, but not the actual topic headings, because topic headings can be too vague or complicated for an introduction. Use concepts only.
Internet standards: provide whatever is applicable or required.
For more information: this can be optional and included when contributors suggest links.
Note: When a technical detail is unavailable for the header, a notation in curly braces can be used to indicate the status of the information.
Overview
After the header block, an Overview section should be provided that gives an introductory description that expands on the "About this page" summary. Add information of interest but no technical specifics that could get lost here. People seldom re-read an Overview, so all technical details of specifications and standards need to be located in other well-defined categories for convenient reference. The Overview content does not need to be thorough, just relevant, interesting, and easy to absorb.
Track Content Categories
The four SLSA tracks are: Build, Build Environment, Dependency, and Source. Each track has the same five types of specification content pages. Any new information will need to integrate into the old and corrections made. Duplicate the existing style if possible. The pages in every track are:
Basics
The Basics page introduces track-specific information with a little more technical detail than the Overview. More in-depth coverage will appear in later pages and should be identified with specific headings that are easy to idenfify. Links could be provided if necessary. Each Basic page should include:
Requirements
This page needs to have all the level details, standards, and specification requirements presented in relevant tables, lists, and diagrams that readers can easily refer to repeatedly. Special care may need to be taken to provide clean, clear, consistent headings appropriate for each security level (levels 0 - 3).
Provenance
This page will define how the distribution and verification of Provenance metadata should be done using the SLSA attestation formats.
Verification
This page lists recommendations on how human inspectors should verify artifacts and their SLSA Provenance.
Assessment
This page needs to provide explanations of the parts of the underlying platform that consumers should assess with specific questions.
Control Examples
The only Control Examples are in the Source track at this time.
Missing Track Content
When track information is unavailable and still in development, add clarifying notations that explain to users what or why it's not there. For example, it may be helpful to say, "This information will be supplied when development is completed."