Merge pull request #57 from idunbarh/lockheed-martin
docs: adding lockheed martin to list
JustinCappos authored Jan 9, 2025
2 parents 53cd721 + b98236a commit 1d72c33
Showing 3 changed files with 20 additions and 7 deletions.
15 changes: 8 additions & 7 deletions README.md
Expand Up @@ -8,12 +8,13 @@ We welcome adopters to add to the list here by creating a directory with a READM
## Project Adopters
This section lists organizations or individuals who have adopted the project and are using it in their workflows or systems. These adopters contribute to the project's ecosystem and showcase its real-world usage across various domains.

| Adopter Name | logo | Description |
|---------------|------|-------------|
| Datadog |<img src="img/Adopters_logo/Datadog_logo.png" width="50" height="50">|Datadog uses in-toto to secure its agent integrations as they move through the company's CI/CD system. |
| OpenVEX |<img src="img/Adopters_logo/OpenVEX_logo.png" width="50" height="50">|OpenVEX documents are designed to be self-sustaining, but the specification is designed to benefit from the in-toto attestation format completing VEX statements with data outside of the OpenVEX predicate. |
| SLSA |<img src="img/Adopters_logo/SLSA_logo.svg" width="50" height="50">|Supply chain Levels for Software Artifacts, or SLSA, is a framework that provides a series of requirements and controls. |
| SolarWinds |<img src="img/Adopters_logo/Solarwinds_Logo.png" width="50" height="50">|SolarWinds is an American company that provides information technology services and software to other companies and government agencies. |
| Adopter Name | logo | Description |
|-----------------|------|-------------|
| Datadog |<img src="img/Adopters_logo/Datadog_logo.png" width="50" height="50">|Datadog uses in-toto to secure its agent integrations as they move through the company's CI/CD system. |
| Lockheed Martin ||Lockheed Martin is one of the world's largest aerospace and defense companies, primarily known for manufacturing military aircraft like the F-35 Lightning II and F-22 Raptor fighter jets. |
| OpenVEX |<img src="img/Adopters_logo/OpenVEX_logo.png" width="50" height="50">|OpenVEX documents are designed to be self-sustaining, but the specification is designed to benefit from the in-toto attestation format completing VEX statements with data outside of the OpenVEX predicate. |
| SLSA |<img src="img/Adopters_logo/SLSA_logo.svg" width="50" height="50">|Supply chain Levels for Software Artifacts, or SLSA, is a framework that provides a series of requirements and controls. |
| SolarWinds |<img src="img/Adopters_logo/Solarwinds_Logo.png" width="50" height="50">|SolarWinds is an American company that provides information technology services and software to other companies and government agencies. |


## Project Integrations
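
Review bot: The new Lockheed Martin row in the adopters table has an empty logo cell, and its description only says what the company manufactures, with nothing about how it uses in-toto, whereas the Datadog row states the use case. Suggest reusing the sentence from lockheed-martin/README.md about generating in-toto attestations for open source dependencies at ingestion, and either adding a logo or confirming the empty cell is intended. The whole table is also re-padded (the separator row is widened), so a one-row addition shows up as 8 additions and 7 deletions; keeping the original column widths would make the diff a single added line.
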
Expand All @@ -25,7 +26,7 @@ This section lists software systems, services, or platforms that integrate with
| GitLab | <img src="img/Integrations_logo/Gitlab_logo.png" width="50" height="50">| GitLab is a popular Git server that also provides CI/CD integrations. |
| Grafeas |<img src="img/Integrations_logo/Grafeas_logo.png" width="50" height="50">| Grafeas is an open source metadata API that is used to store metadata relevant to software supply chains. Grafeas includes support for in-toto link metadata. |
| GUAC |<img src="img/Integrations_logo/Guac_logo.png" width="50" height="50">| GUAC has the ability to ingest and parse SLSA and other in-toto ITE6 attestations (either wrapped in DSSE or standalone). |
| Hoppr || Hoppr leverages the in-toto python package to generate in-toto layout files based on a hoppr transfer configuration. |
| Hoppr |<img src="img/Integrations_logo/Hoppr_logo.png" width="50" height="50">| Hoppr leverages the in-toto python package to generate in-toto layout files based on a hoppr transfer configuration. |
| Jenkins |<img src="img/Integrations_logo/Jenkins_logo.png" width="50" height="50">| The in-toto team maintains a plugin for Jenkins that can be used to generate in-toto metadata pertaining to a particular build or "job". |
| rebuilderd || Rebuilderd is a build system project part of Reproducible Builds. When the result of a rebuild is positive, i.e., the build process is found to be reproducible, rebuilderd generates an in-toto link recording this result. |
| Sigstore |<img src="img/Integrations_logo/Sistore_logo.png" width="50" height="50">| In-toto and Sigstore are complementary in their efforts, and Sigstore integrates in-toto in a number of ways. Sigstore's keyless signing can be used to sign in-toto metadata, as demonstrated by Cosign's SLSA Provenance generation. |
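
Review bot: The Hoppr row change, which fills the logo cell with img/Integrations_logo/Hoppr_logo.png (added as a binary in this commit), is unrelated to the commit message "docs: adding lockheed martin to list". Suggest splitting it into its own commit or mentioning it in the message so the history explains where the logo came from.
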
Binary file added img/Integrations_logo/Hoppr_logo.png
12 changes: 12 additions & 0 deletions lockheed-martin/README.md
@@ -0,0 +1,12 @@
# Lockheed Martin

[Lockheed Martin](https://www.lockheedmartin.com/) is one of the world's largest aerospace and defense companies, primarily known for manufacturing military aircraft like the F-35 Lightning II and F-22 Raptor fighter jets. They also produce missiles, missile defense systems, and other military equipment, serving as one of the largest contractors for the U.S. Department of Defense.

The company also has a significant presence in space technology, building satellites and spacecraft like NASA's Orion, while providing cybersecurity and IT services for government and military applications.

Lockheed Martin is generating in-toto attestations for open source dependencies at ingestion into the corporate network and to validate transfer of data between isolated networks. Non-sensative in-toto attestations are stored in archivista and signed using a private sigstore instance.

## References

- https://sosscdna24.sched.com/event/1aNLk/leveraging-sigstore-capabilities-in-a-local-environment-chad-coleman-lockheed-martin
- https://www.youtube.com/watch?v=3bJwnrloqpE&t=3s
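
Review bot: "Non-sensative" in the paragraph describing the in-toto usage is a typo for "Non-sensitive". In the same sentence "archivista" and "sigstore" are lowercase while the top-level README capitalises Sigstore; suggest "Archivista" and "Sigstore" for consistency. The two entries under References are bare URLs; a short link title for each would tell readers what they point to before they click.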
