From a28ce3cd68c655dacaa769edff8a8d5ed77721d3 Mon Sep 17 00:00:00 2001 From: behnazh-w Date: Tue, 16 Jan 2024 11:30:34 +1000 Subject: [PATCH 1/2] docs: add the SCORED paper to README.md Signed-off-by: behnazh-w --- README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/README.md b/README.md index 475dffec6..1e6796fc9 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ To see the full list of supported technologies, such as CI services, registries, * [Getting started](#getting-started) * [How to Contribute](#how-to-contribute) * [Defining new checks](#defining-new-checks) +* [Publications](#publications) * [Security issue reports](#security-issue-reports) * [License](#license) 
@@ -40,6 +41,25 @@ After cloning a repository, Macaron parses the CI configuration files and bash s To learn how to define your own checks, see the steps in the [checks documentation](/src/macaron/slsa_analyzer/checks/README.md). +## Publications + +* Behnaz Hassanshahi, Trong Nhan Mai, Alistair Michael, Benjamin Selwyn-Smith, Sophie Bates, and Padmanabhan Krishnan: [Macaron: A Logic-based Framework for Software Supply Chain Security Assurance.](https://dl.acm.org/doi/abs/10.1145/3605770.3625213) SCORED 2023. (Best paper award) + ```tex + @inproceedings{10.1145/3605770.3625213, + author = {Hassanshahi, Behnaz and Mai, Trong Nhan and Michael, Alistair and Selwyn-Smith, Benjamin and Bates, Sophie and Krishnan, Padmanabhan}, + title = {Macaron: A Logic-Based Framework for Software Supply Chain Security Assurance}, + year = {2023}, + isbn = {9798400702631}, + publisher = {Association for Computing Machinery}, + url = {https://doi.org/10.1145/3605770.3625213}, + doi = {10.1145/3605770.3625213}, + booktitle = {Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses}, + pages = {29–37}, + series = {SCORED'23} + } + ``` + + ## Generating SLSA provenances for Macaron itself We have integrated [SLSA provenance generation](https://github.com/slsa-framework/slsa-github-generator) for our Docker image and release artifacts. However, due to a strict policy regarding the use of third-party GitHub Actions, we cannot generate the provenances in this repository yet until [this issue](https://github.com/slsa-framework/slsa-github-generator/issues/2204) is resolved. From 48bcc33d25aa3e3e86b818512cdac8fdfabbd6cb Mon Sep 17 00:00:00 2001 From: behnazh-w Date: Tue, 16 Jan 2024 17:16:54 +1000 Subject: [PATCH 2/2] chore: address PR review Signed-off-by: behnazh-w --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1e6796fc9..fc8247125 100644 --- a/README.md +++ b/README.md 
@@ -43,7 +43,7 @@ To learn how to define your own checks, see the steps in the [checks documentati ## Publications -* Behnaz Hassanshahi, Trong Nhan Mai, Alistair Michael, Benjamin Selwyn-Smith, Sophie Bates, and Padmanabhan Krishnan: [Macaron: A Logic-based Framework for Software Supply Chain Security Assurance.](https://dl.acm.org/doi/abs/10.1145/3605770.3625213) SCORED 2023. (Best paper award) +* Behnaz Hassanshahi, Trong Nhan Mai, Alistair Michael, Benjamin Selwyn-Smith, Sophie Bates, and Padmanabhan Krishnan: [Macaron: A Logic-based Framework for Software Supply Chain Security Assurance](https://dl.acm.org/doi/abs/10.1145/3605770.3625213). SCORED 2023. Best paper award :trophy: ```tex @inproceedings{10.1145/3605770.3625213, author = {Hassanshahi, Behnaz and Mai, Trong Nhan and Michael, Alistair and Selwyn-Smith, Benjamin and Bates, Sophie and Krishnan, Padmanabhan}, @@ -70,5 +70,5 @@ Please consult the [security guide](./SECURITY.md) for our responsible security ## License -Copyright (c) 2022, 2023 Oracle and/or its affiliates. +Copyright (c) 2022, 2024 Oracle and/or its affiliates. Macaron is licensed under the [Universal Permissive License (UPL), Version 1.0](./LICENSE.txt).
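Review bot: In the BibTeX entry added by patch 1/2 (the `@@ -40,6 +41,25 @@` hunk), `pages = {29–37}` uses a Unicode en dash, while BibTeX conventionally writes a page range with a double hyphen. Suggest `pages = {29--37},` so the entry can be pasted into a `.bib` file without depending on UTF-8 handling in the reader's toolchain. The fence is tagged `tex` although the content is BibTeX; `bibtex` would describe it more accurately. The hunk also adds two consecutive blank lines before `## Generating SLSA provenances for Macaron itself`, where one is enough.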
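Review bot: The `:trophy:` shortcode at the end of the rewritten citation line in patch 2/2 (the `@@ -43,7 +43,7 @@` hunk) is expanded only by Markdown renderers that support emoji shortcodes; anywhere else this README is rendered it will appear as the literal text `:trophy:`. Suggest using the Unicode character directly or keeping the plain wording `Best paper award`.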
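Review bot: In the License hunk of patch 2/2 (`@@ -70,5 +70,5 @@`), `Copyright (c) 2022, 2023` becomes `Copyright (c) 2022, 2024`, which with a comma reads as a list of two years and so appears to drop 2023. If the convention here is first year followed by latest year, the change is fine, but the subject `chore: address PR review` does not mention a copyright update; suggest stating it in the commit message or splitting it into its own commit so the change is easy to find later.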