broaden definition of SCS to mention other tools.

docs/spec/draft/source-requirements.md

@@ -23,7 +23,7 @@ Consumers can examine the various source provenance attestations to determine if
 | Organization | A collection of people who collectively create the Source. Examples of organizations include open-source projects, a company, or a team within a company. The organization defines the goals and methods of the source.
 | Version Control System (VCS)| Software for tracking and managing changes to source. Git and Subversion are examples of version control systems.
 | Revision | A specific state of the source with an identifier provided by the version control system. As an example, you can identify a git revision by its tree hash.
-| Source Control System (SCS) | A service or suite of services (self-hosted or SaaS) relied upon by the organization to produce new revisions of the source. GitHub and GitLab are examples, as are combinations of tools like Gerrit code reviews with GitHub Repositories.
+| Source Control System (SCS) | A suite of tools and services (self-hosted or SaaS) relied upon by the organization to produce new revisions of the source. The role of the SCS may be fulfilled by a single service (e.g., GitHub / GitLab) or rely on a combination of services (e.g., GitLab with Gerrit code reviews, GitHub with OpenSSF Scorecard, etc).
 | Source Provenance | Information about how a revision came to exist, where it was hosted, when it was generated, what process was used, who the contributors were, and what parent revisions it was based on.
 | Repository / Repo | A uniquely identifiable instance of a VCS. The repository controls access to the Source in the VCS. The objective of a repository is to reflect the intent of the organization that controls it.
 | Branch | A named pointer to a revision. Branches may be modified by authorized actors. Branches may have different security requirements.