From dfdc0f2e3a5a15c890f2fee04bf9cfbfeffab1fb Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 1 Aug 2023 17:34:42 +0000 Subject: [PATCH] Remove slsa.dev from links Signed-off-by: laurentsimon --- docs/_posts/2023-08-07-bring-your-own-builder-github.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/_posts/2023-08-07-bring-your-own-builder-github.md b/docs/_posts/2023-08-07-bring-your-own-builder-github.md index ffc4e9889..ff7a314b2 100644 --- a/docs/_posts/2023-08-07-bring-your-own-builder-github.md +++ b/docs/_posts/2023-08-07-bring-your-own-builder-github.md @@ -9,7 +9,7 @@ It has been an exciting quarter for supply chain security and SLSA, with the rel SLSA now provides and maintains official builders for [Go](2022/06/slsa-github-workflows), [Node.js](2023/05/bringing-improved-supply-chain-security-to-the-nodejs-ecosystem) and [Container](2023/06/slsa-github-worfklows-container-based) based projects. But what if you don't use any of these languages or use custom tooling that isn't supported by the official builders? -To empower the community to create their own provenance builders and leverage the secure architecture of the official SLSA builders we are releasing the ["Build Your Own Builder" framework](https://github.com/slsa-framework/slsa-github-generator/tree/main#build-your-own-builder) for GitHub Actions. This makes it easy to take an existing GitHub Action (e.g. [JReleaser](https://jreleaser.org/)) and make it produce [SLSA Build Level 3 provenance](https://slsa.dev/spec/v1.0/requirements#provenance-generation). +To empower the community to create their own provenance builders and leverage the secure architecture of the official SLSA builders we are releasing the ["Build Your Own Builder" framework](https://github.com/slsa-framework/slsa-github-generator/tree/main#build-your-own-builder) for GitHub Actions. This makes it easy to take an existing GitHub Action (e.g. [JReleaser](https://jreleaser.org/)) and make it produce [SLSA Build Level 3 provenance](/spec/v1.0/requirements#provenance-generation). Writing a builder from scratch is a tedious multi-month effort. The BYOB framework streamlines this process and cuts the development time down to a few days. As a builder author, you don't need to worry about keeping signing keys secure, isolation between builds, the creation of attestations; all this is handled seamlessly by the framework, using the [same security design principles](https://github.com/slsa-framework/slsa-github-generator/tree/main#specifications) as our existing builders. @@ -19,7 +19,7 @@ To demonstrate the flexibility of this framework, we are also announcing three S The BYOB framework benefits both GitHub Action maintainers and GitHub Action users: -1. For Action maintainers, it makes it easy to meet the [SLSA Build L3](https://slsa.dev/spec/v1.0/levels#build-l3) requirements. +1. For Action maintainers, it makes it easy to meet the [SLSA Build L3](/spec/v1.0/levels#build-l3) requirements. 2. For Action users, it makes it easy to adopt SLSA by trusting the BYOB project and the Action code - without worrying about which machine runs the Action. The BYOB framework provides a set of GitHub Actions and workflows that helps builder authors generate provenance.