Skip to content

Commit

Permalink
Update docs/spec/v1.0/verification_summary.md
Browse files Browse the repository at this point in the history
Co-authored-by: Mark Lodato <[email protected]>
Signed-off-by: Zhenyu (Adam) Wu <[email protected]>
  • Loading branch information
AdamZWu and MarkLodato committed Oct 20, 2023
1 parent fd2a5e2 commit 5e6a43e
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 16 deletions.
17 changes: 9 additions & 8 deletions docs/spec/v1.0/verification_summary.md
Original file line number Diff line number Diff line change
Expand Up @@ -191,15 +191,15 @@ of the other top-level fields, such as `subject`, see [Statement]._
>
> Map from [SlsaResult] to the number of the artifact's _transitive_ dependencies
> that were verified at the indicated level. Absence of a given level of
> [SlsaResult] MUST be interpreted as reporting _0_ dependencies at that level,
> e.g. an empty `dependencyLevels` object means that the artifact has **no**
> dependency at all (vs. a non-present, i.e. "null", `dependencyLevels` means
> that the verifier does not disclose the dependency stats).
> [SlsaResult] MUST be interpreted as reporting _0_ dependencies at that level.
> A set but empty `dependencyLevels` object means that the artifact has **no**
> dependency at all, while an unset or null `dependencyLevels` means that the
> verifier makes no claims about the artifact's dependencies.
>
> Users MUST count each dependency only once per SLSA track, at the highest
> level verified. For example, if a dependency meets `SLSA_BUILD_LEVEL_2`,
> you include it with the count for `SLSA_BUILD_LEVEL_2` but not the count for
> the other `SLSA_BUILD` levels.
> `SLSA_BUILD_LEVEL_1`.
<a id="slsaVersion"></a>
`slsaVersion` _string, optional_
Expand Down Expand Up @@ -254,15 +254,16 @@ WARNING: This is just for demonstration purposes.

</div>

The result of evaluating an artifact (or set of artifacts) against SLSA.
SHOULD contain one value per SLSA track:
The result of evaluating an artifact (or set of artifacts) against SLSA tracks.
SHOULD be one of these values:

- SLSA BUILD track:
- `SLSA_BUILD_LEVEL_0`
- `SLSA_BUILD_LEVEL_1`
- `SLSA_BUILD_LEVEL_2`
- `SLSA_BUILD_LEVEL_3`
- FAILED (Indicates policy evaluation failed, optional)
- General policy evaluation track:
- `FAILED`

Note that each SLSA level implies the levels below it in the same track.
For example, `SLSA_BUILD_LEVEL_3` means (`SLSA_BUILD_LEVEL_1` +
Expand Down
17 changes: 9 additions & 8 deletions docs/spec/v1.1/verification_summary.md
Original file line number Diff line number Diff line change
Expand Up @@ -191,15 +191,15 @@ of the other top-level fields, such as `subject`, see [Statement]._
>
> Map from [SlsaResult] to the number of the artifact's _transitive_ dependencies
> that were verified at the indicated level. Absence of a given level of
> [SlsaResult] MUST be interpreted as reporting _0_ dependencies at that level,
> e.g. an empty `dependencyLevels` object means that the artifact has **no**
> dependency at all (vs. a non-present, i.e. "null", `dependencyLevels` means
> that the verifier does not disclose the dependency stats).
> [SlsaResult] MUST be interpreted as reporting _0_ dependencies at that level.
> A set but empty `dependencyLevels` object means that the artifact has **no**
> dependency at all, while an unset or null `dependencyLevels` means that the
> verifier makes no claims about the artifact's dependencies.
>
> Users MUST count each dependency only once per SLSA track, at the highest
> level verified. For example, if a dependency meets `SLSA_BUILD_LEVEL_2`,
> you include it with the count for `SLSA_BUILD_LEVEL_2` but not the count for
> the other `SLSA_BUILD` levels.
> `SLSA_BUILD_LEVEL_1`.
<a id="slsaVersion"></a>
`slsaVersion` _string, optional_
Expand Down Expand Up @@ -351,16 +351,17 @@ verifiers they add to their roots of trust.

</div>

The result of evaluating an artifact (or set of artifacts) against SLSA.
SHOULD contain one value per SLSA track:
The result of evaluating an artifact (or set of artifacts) against SLSA tracks.
SHOULD be one of these values:

- SLSA BUILD track:
- `SLSA_BUILD_LEVEL_UNEVALUATED`
- `SLSA_BUILD_LEVEL_0`
- `SLSA_BUILD_LEVEL_1`
- `SLSA_BUILD_LEVEL_2`
- `SLSA_BUILD_LEVEL_3`
- FAILED (Indicates policy evaluation failed, optional)
- General policy evaluation track:
- `FAILED`

Note that each SLSA level implies the levels below it in the same track.
For example, `SLSA_BUILD_LEVEL_3` means (`SLSA_BUILD_LEVEL_1` +
Expand Down

0 comments on commit 5e6a43e

Please sign in to comment.