fix lint and spelling

Signed-off-by: Chris Abraham <[email protected]>
cncf · Jul 15, 2024 · 557577b · 557577b
1 parent f1e36a7
commit 557577b
Show file tree

Hide file tree

Showing 7 changed files with 8 additions and 67 deletions.
diff --git a/ci/spelling-config.json b/ci/spelling-config.json
@@ -60,6 +60,8 @@
         "frontmatter",
         "Gamal",
         "gconv",
+        "gitsign",
+        "gittuf",
         "GUAC",
         "helm",
         "HIPAA",

diff --git a/publications/supply-chain-security-tools/README.md b/publications/supply-chain-security-tools/README.md
@@ -7,5 +7,5 @@ Find out what tools are used to secure the supply chain. Explore the general req
 1. [Securing the Source Code](securing-source-code.md)
 2. [Securing Materials](securing-materials.md)
 3. [Securing Build Pipelines](securing-build-pipelines.md)
-4. [Securing Artefacts](securing-aretfacts.md)
+4. [Securing Artifacts](securing-artifacts.md)
 5. [Securing Deployments](securing-deployments.md)
diff --git a/...hain-security-tools/securing-aretfacts.md → ...hain-security-tools/securing-artifacts.md b/...hain-security-tools/securing-aretfacts.md → ...hain-security-tools/securing-artifacts.md
@@ -1,27 +1,13 @@
-# Securing Artefacts
+# Securing Artifacts
 
 {{% blocks/lead color="white" align="left" %}}
 Here are the list of requirements for securing the source code. Each one has a list of tools used to achieve it.
 {{% /blocks/lead %}}
 
 ## 1. Require signed commits
 
-Tool capability: sign commits, verify signed commits
-
-#### Tools
-- Sigstore (gitsign)
-- gittuf
-- GUAC
-
-
 ## 2. Enforce full attestation and verification for protected branches
 
-Tool capability: monitor protected branches
-
-#### Tools
-- gittuf
-
-
 ## 3. Prevent committing secrets to the source code repository
 
 ## 4. Define individuals/teams that are responsible for code in a repository and associated coding conventions
@@ -43,4 +29,3 @@ Tool capability: monitor protected branches
 ## 12. Have a Key Rotation Policy
 
 ## 13. Use short-lived/ephemeral credentials for machine/service access
-
diff --git a/publications/supply-chain-security-tools/securing-build-pipelines.md b/publications/supply-chain-security-tools/securing-build-pipelines.md
@@ -6,22 +6,8 @@ Here are the list of requirements for securing the source code. Each one has a l
 
 ## 1. Require signed commits
 
-Tool capability: sign commits, verify signed commits
-
-#### Tools
-- Sigstore (gitsign)
-- gittuf
-- GUAC
-
-
 ## 2. Enforce full attestation and verification for protected branches
 
-Tool capability: monitor protected branches
-
-#### Tools
-- gittuf
-
-
 ## 3. Prevent committing secrets to the source code repository
 
 ## 4. Define individuals/teams that are responsible for code in a repository and associated coding conventions
@@ -43,4 +29,3 @@ Tool capability: monitor protected branches
 ## 12. Have a Key Rotation Policy
 
 ## 13. Use short-lived/ephemeral credentials for machine/service access
-
diff --git a/publications/supply-chain-security-tools/securing-deployments.md b/publications/supply-chain-security-tools/securing-deployments.md
@@ -6,22 +6,8 @@ Here are the list of requirements for securing the source code. Each one has a l
 
 ## 1. Require signed commits
 
-Tool capability: sign commits, verify signed commits
-
-#### Tools
-- Sigstore (gitsign)
-- gittuf
-- GUAC
-
-
 ## 2. Enforce full attestation and verification for protected branches
 
-Tool capability: monitor protected branches
-
-#### Tools
-- gittuf
-
-
 ## 3. Prevent committing secrets to the source code repository
 
 ## 4. Define individuals/teams that are responsible for code in a repository and associated coding conventions
@@ -43,4 +29,3 @@ Tool capability: monitor protected branches
 ## 12. Have a Key Rotation Policy
 
 ## 13. Use short-lived/ephemeral credentials for machine/service access
-
diff --git a/publications/supply-chain-security-tools/securing-materials.md b/publications/supply-chain-security-tools/securing-materials.md
@@ -6,22 +6,8 @@ Here are the list of requirements for securing the source code. Each one has a l
 
 ## 1. Require signed commits
 
-Tool capability: sign commits, verify signed commits
-
-#### Tools
-- Sigstore (gitsign)
-- gittuf
-- GUAC
-
-
 ## 2. Enforce full attestation and verification for protected branches
 
-Tool capability: monitor protected branches
-
-#### Tools
-- gittuf
-
-
 ## 3. Prevent committing secrets to the source code repository
 
 ## 4. Define individuals/teams that are responsible for code in a repository and associated coding conventions
@@ -43,4 +29,3 @@ Tool capability: monitor protected branches
 ## 12. Have a Key Rotation Policy
 
 ## 13. Use short-lived/ephemeral credentials for machine/service access
-
diff --git a/publications/supply-chain-security-tools/securing-source-code.md b/publications/supply-chain-security-tools/securing-source-code.md
@@ -8,19 +8,19 @@ Here are the list of requirements for securing the source code, which is a subca
 
 Tool capability: sign commits, verify signed commits
 
-#### Tools
+### Tools
+
 - Sigstore (gitsign)
 - gittuf
 - GUAC
 
-
 ## 2. Enforce full attestation and verification for protected branches
 
 Tool capability: monitor protected branches
 
-#### Tools
-- gittuf
+### Tools
 
+- gittuf
 
 ## 3. Prevent committing secrets to the source code repository
 
@@ -43,4 +43,3 @@ Tool capability: monitor protected branches
 ## 12. Have a Key Rotation Policy
 
 ## 13. Use short-lived/ephemeral credentials for machine/service access
-