oracle · nathanwn · Aug 22, 2023 · Aug 21, 2023 · Aug 21, 2023 · Aug 22, 2023
@@ -7,6 +7,9 @@
    :description: macaron - A CI/CD security analysis tool for supply-chain attacks
    :keywords: CI/CD, SLSA, supply-chain security
 
+.. References/links
+.. _Witness: https://github.com/testifysec/witness
+
 =====================
 Macaron documentation
 =====================
@@ -29,6 +32,14 @@ Macaron is an analysis tool which focuses on the build process for an artifact a
 are at a high-level, Macaron first defines these requirements as specific
 concrete rules that can be checked automatically. Macaron has a customizable checker platform that makes it easy to define checks that depend on each other.
 
+---------------
+Getting started
+---------------
+
+To start with Macaron, see our :doc:`Installation </pages/installation>` and :doc:`Using </pages/using>` pages.
+
+For all services and technologies that Macaron supports, see our :doc:`Supported Technologies </pages/supported_technologies/index>` page.
+
 -------------------------
 Current checks in Macaron
 -------------------------
@@ -49,8 +60,11 @@ the requirements that are currently supported by Macaron.
      - **Scripted build** - All build steps were fully defined in a “build script”.
      - Identify and validate build script(s).
    * - 1
-     - **Provenance available** - The provenance is available.
-     - Check for existence of SLSA provenance. If there are no SLSA provenance, the repo can still be compliant to level 1 given the build script is available.
+     - **Provenance available** - Provenances are available.
+     - Check for existence of provenances, which can be SLSA or `Witness`_ provenances. If there is no provenance, the repo can still be compliant to level 1 given the build script is available.
+   * - 1
+     - **Witness provenance** - One or more `Witness`_ provenances are discovered.
+     - Check for existence of `Witness`_ provenances, and whether artifact digests match those in the provenances.
    * - 2
      - **Build service** - All build steps are run using some build service (e.g. GitHub Actions)
      - Identify and validate the CI service(s) used for the build process.
@@ -91,4 +105,5 @@ intermediate representations as abstractions. Using such abstractions, Macaron i
    pages/using
    pages/output_files
    pages/cli_usage/index
+   pages/supported_technologies/index
    pages/apidoc/index
@@ -0,0 +1,72 @@
+.. Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved.
+.. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
+
+======================
+Supported Technologies
+======================
+
+------------
+Git Services
+------------
+
+.. list-table::
+   :header-rows: 1
+
+   * - Git Service
+   * - `GitHub <https://github.com>`_
+   * - `GitLab <https://gitlab.com>`_
+
+------------
+CI Services
+------------
+
+.. list-table::
+   :header-rows: 1
+
+   * - CI Service
+   * - `GitHub Actions <https://github.com/features/actions>`_
+
+
+------------------
+Package Registries
+------------------
+
+.. list-table::
+   :widths: 25 50 25
+   :header-rows: 1
+
+   * - Package Registry
+     - Support
+     - Documentation
+   * - `JFrog Artifactory <https://jfrog.com/artifactory>`_
+     - Only projects built with Gradle and publishing to a JFrog Artifactory repo following `Maven layout <https://maven.apache.org/repository/layout.html>`_
+     - :doc:`page </pages/supported_technologies/jfrog>`
+
+-----------
+Provenances
+-----------
+
+.. list-table::
+   :widths: 25 50 25
+   :header-rows: 1
+
+   * - Provenance
+     - Support
+     - Documentation
+   * - `SLSA <https://slsa.dev>`_
+     - Only provenances under `SLSA version 0.2 <https://slsa.dev/spec/v0.2/provenance>`_.
+     - :doc:`page </pages/supported_technologies/jfrog>`
+   * - `Witness <https://github.com/testifysec/witness>`_
+     - * Only provenances under Witness version 0.1
+       * Only projects built with Gradle on GitLab CI provenances and publishing provenances to JFrog Artifactory
+     - :doc:`page </pages/supported_technologies/jfrog>`
+
+--------
+See also
+--------
+
+.. toctree::
+   :maxdepth: 1
+
+   jfrog
+   witness
@@ -0,0 +1,6 @@
+.. Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved.
+.. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
+
+=================
+JFrog Artifactory
+=================
@@ -0,0 +1,6 @@
+.. Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved.
+.. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
+
+=======
+Witness
+=======