Create diagram for the site to show how attestations are generated and common methods to distribute them.

Open mlieberman85 opened this issue 3 years ago • 1 comments

Related to: https://github.com/slsa-framework/slsa/issues/475

We already highlight that JSON lines files and OCI are ways to store and distribute SLSA attestations, but people are a bit confused about how to use them in common patterns.

mlieberman85, Sep 02 '22 19:09

Hello! I was confused about how SLSA/in-toto/DSSE all mapped together and looking at the SVG on this page was a little confusing, especially knowing which pieces correspond to which files/specifications I know about. I took an attempt at creating my own diagram in draw.io:

slsa

Another benefit of this SVG is it's more vertical rather than horizontal which is more universal in terms of directional hierarchies (left-to-right/right-to-left are confusing to at least one part of the world) and is more mobile friendly!

I've also included the .drawio file so it can be modified:

slsa.drawio.txt

Let me know if there is interest in using a diagram like this or if changes need to be made.

sethmlarson, Sep 09 '22 17:09
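The layering asked about in this thread, as an added example that is not part of the issue or the SLSA project's code: each line of a JSON Lines bundle is a DSSE envelope, whose base64 payload is an in-toto statement, whose predicate is the SLSA provenance. It assumes the in-toto Statement v0.1 and SLSA provenance v0.2 type URIs; the artifact names, digests, key id and signature are constructed, and no signature is verified (the `signed_bytes` value is what a verifier would check against a trusted key).

```python
import base64
import json

IN_TOTO_TYPE = "application/vnd.in-toto+json"  # DSSE payloadType for in-toto statements

def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE pre-authentication encoding: the exact bytes a signature covers."""
    t = payload_type.encode()
    return b"DSSEv1 %d %s %d %s" % (len(t), t, len(payload), payload)

def unwrap(line: str) -> dict:
    """Peel one JSON Lines entry: DSSE envelope -> in-toto statement -> predicate."""
    env = json.loads(line)
    if env.get("payloadType") != IN_TOTO_TYPE:
        raise ValueError("envelope does not carry an in-toto statement")
    if not env.get("signatures"):
        raise ValueError("envelope has no signatures")
    raw = base64.b64decode(env["payload"], validate=True)
    stmt = json.loads(raw)
    return {
        "signed_bytes": pae(env["payloadType"], raw),  # input to signature verification
        "keyids": [s.get("keyid") for s in env["signatures"]],
        "subjects": {s["name"]: s["digest"] for s in stmt["subject"]},
        "predicate_type": stmt["predicateType"],
        "predicate": stmt["predicate"],
    }

def attestations_for(bundle: str, sha256: str) -> list:
    """Unwrapped attestations in a JSONL bundle that name the given artifact digest."""
    found = []
    for line in filter(str.strip, bundle.splitlines()):
        att = unwrap(line)
        if any(d.get("sha256") == sha256 for d in att["subjects"].values()):
            found.append(att)
    return found

def _sample_line(name: str, sha256: str) -> str:
    """Constructed sample: one envelope with a placeholder signature."""
    stmt = {"_type": "https://in-toto.io/Statement/v0.1",
            "subject": [{"name": name, "digest": {"sha256": sha256}}],
            "predicateType": "https://slsa.dev/provenance/v0.2",
            "predicate": {"builder": {"id": "https://builder.example/ci"}}}
    payload = base64.b64encode(json.dumps(stmt).encode()).decode()
    return json.dumps({"payloadType": IN_TOTO_TYPE, "payload": payload,
                       "signatures": [{"keyid": "constructed-key", "sig": "cGxhY2Vob2xkZXI="}]})

SAMPLE_BUNDLE = "\n".join([_sample_line("app.tar.gz", "aa" * 32),
                           _sample_line("lib.whl", "bb" * 32)])
```

Calling `attestations_for(SAMPLE_BUNDLE, "aa" * 32)` returns the single attestation whose subject digest matches, with the predicate type and key ids pulled out of their respective layers.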

Certainly open to PRs, but I don't think this is high enough priority to keep the issue open given the number of other open issues we have.

MarkLodato, Mar 20 '23 18:03