
Commit

making final changes
Signed-off-by: chaosinthecrd <[email protected]>
ChaosInTheCRD committed Feb 20, 2024
1 parent ecfe115 commit 3335058
Showing 12 changed files with 905 additions and 465 deletions.
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -12,3 +12,5 @@ test/scorecard.json
log
sarif-report.json
test/log
node_modules
.DS_Store
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -5,7 +5,7 @@

**[DOCS](https://witness.dev)
[CONTRIBUTING](/CONTRIBUTING.md)
[LICENSE](../LICENSE)**
[LICENSE](/LICENSE)**

`bash <(curl -s https://raw.githubusercontent.com/in-toto/witness/main/install-witness.sh)`
</center>
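Review bot: The install one-liner kept as context just below the changed LICENSE link pipes `https://raw.githubusercontent.com/in-toto/witness/main/install-witness.sh` straight into bash from the mutable `main` branch with no integrity check. Since this commit is already tidying the README header, consider pointing the command at a tagged release and documenting a checksum or signature check for the script. The `/LICENSE` change itself matches the root-relative `/CONTRIBUTING.md` link above it.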
2 changes: 1 addition & 1 deletion docs-website/.docusaurus/docusaurus.config.mjs
Expand Up @@ -44,7 +44,7 @@ export default {
]
],
"themeConfig": {
"image": "img/docusaurus-social-card.jpg",
"image": "img/witness-og.png",
"navbar": {
"title": "Witness",
"logo": {
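Review bot: `docs-website/.docusaurus/docusaurus.config.mjs` sits under `.docusaurus`, which is Docusaurus's generated build directory, so the edited `"image"` value here is regenerated from `docs-website/docusaurus.config.js` on every build and should not need committing. The `.gitignore` hunk in this commit adds `node_modules` and `.DS_Store` but not `.docusaurus`; consider adding it there and removing the directory from the index so the social card path has a single source.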
2 changes: 1 addition & 1 deletion docs-website/docusaurus.config.js
Expand Up @@ -62,7 +62,7 @@ const config = {
/** @type {import('@docusaurus/preset-classic').ThemeConfig} */
({
// Replace with your project's social card
image: 'img/docusaurus-social-card.jpg',
image: 'img/witness-og.png',
navbar: {
title: 'Witness',
logo: {
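Review bot: The context comment `// Replace with your project's social card` directly above the changed `image:` line is leftover template text now that the value is `img/witness-og.png`. Drop it or reword it to say what the image is.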
Binary file removed docs-website/static/img/docusaurus-social-card.jpg
Binary file not shown.
Binary file modified docs-website/static/img/favicon.ico
Binary file not shown.
Binary file added docs-website/static/img/witness-og.png
1,348 changes: 893 additions & 455 deletions docs-website/yarn.lock

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions docs/about/how-witness-works.md
@@ -1,11 +1,11 @@
# How Witness Works

### Signing
Witness is able to observe your software development life-cycle (SDLC) by wrapping around commands executed within them. By passing any command to Witness as an argument, the tool is able to understand what was executed but also on what infrastructure, by what user or service account and more. The information that Witness gathers while the command is running is down to which [Attestors](docs/attestor.md) are used. Attestors are implementations of an interface that find and assert facts about the system Witness is running on (e.g., [AWS Attestor](docs/attestors/aws-iid.md)). Finally, Witness can compile this information into an [in-toto attestation](https://github.com/in-toto/attestation), place it in a [DSSE Envelope](https://github.com/secure-systems-lab/dsse) and sign that envelope with the key that was supplied by the user.
Witness is able to observe your software development life-cycle (SDLC) by wrapping around commands executed within them. By passing any command to Witness as an argument, the tool is able to understand what was executed but also on what infrastructure, by what user or service account and more. The information that Witness gathers while the command is running is down to which [Attestors](/docs/concepts/attestor.md) are used. Attestors are implementations of an interface that find and assert facts about the system Witness is running on (e.g., [AWS Attestor](docs/attestors/aws-iid.md)). Finally, Witness can compile this information into an [in-toto attestation](https://github.com/in-toto/attestation), place it in a [DSSE Envelope](https://github.com/secure-systems-lab/dsse) and sign that envelope with the key that was supplied by the user.

### Storing
For storage, the Witness project can upload signed attestations to an [Archivista](https://github.com/in-toto/archivista) server, a graph and storage service for in-toto attestations. This enables the discovery and retrieval of attestations for verification of software artifacts.

### Verifying
Witness allows users to verify the attestations that they generate by providing the `witness verify` command. To achieve this, Witness uses a [policy file](./docs/policy.md) defined by the user to check for presence of the expected attestations and that they were signed by the appropriate functionaries (Public keys or roots of trust that are trusted to sign certain types of attestation). To verify the attestation body itself, Witness supports defining [OPA Rego](https://www.openpolicyagent.org/docs/latest/policy-language/) policies inside the policy file. This allows users to ensure the facts asserted by the Attestors are reported expected.
Witness allows users to verify the attestations that they generate by providing the `witness verify` command. To achieve this, Witness uses a [policy file](./docs/concepts/policy.md) defined by the user to check for presence of the expected attestations and that they were signed by the appropriate functionaries (Public keys or roots of trust that are trusted to sign certain types of attestation). To verify the attestation body itself, Witness supports defining [OPA Rego](https://www.openpolicyagent.org/docs/latest/policy-language/) policies inside the policy file. This allows users to ensure the facts asserted by the Attestors are reported expected.
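Review bot: The new policy link `./docs/concepts/policy.md` in the Verifying paragraph is relative to `docs/about/`, so it resolves to `docs/about/docs/concepts/policy.md`, and the file now mixes three path styles across its three internal links. Use the same root-relative form as the new Attestors link (`/docs/concepts/policy.md`), and bring the untouched `docs/attestors/aws-iid.md` link in the Signing paragraph in line with it. While editing the Verifying paragraph, "are reported expected" at its end looks like it is missing "as".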

4 changes: 2 additions & 2 deletions docs/tutorials/artifact-policy.md
Expand Up @@ -12,7 +12,7 @@ successfully, you will need the following:
- [wget](https://www.gnu.org/software/wget/)
- [base64](https://www.gnu.org/software/coreutils/manual/html_node/base64-invocation.html) (which is part of GNU coreutils)

You will also of course need to have witness installed, which can be achieved by following the [Quick Start](../README.md#quick-start).
You will also of course need to have witness installed, which can be achieved by following the [Quick Start](/README.md#quick-start).

## Let's Go!

Expand Down Expand Up @@ -185,7 +185,7 @@ steps:
name: build
```

For this step, we expect to find an [Attestation Collection](../attestor.md) that contains three types of attestation: material, product and command-run:
For this step, we expect to find an [Attestation Collection](/docs/concepts/attestor.md) that contains three types of attestation: material, product and command-run:
```
attestations:
- type: https://witness.dev/attestations/material/v0.1
4 changes: 2 additions & 2 deletions docs/tutorials/getting-started.md
Expand Up @@ -9,7 +9,7 @@ successfully, you will need the following:
- [jq](https://jqlang.github.io/jq/)
- [base64](https://www.gnu.org/software/coreutils/manual/html_node/base64-invocation.html) (which is part of GNU coreutils)

You will also of course need to have witness installed, which can be achieved by following the [Quick Start](../README.md#quick-start).
You will also of course need to have witness installed, which can be achieved by following the [Quick Start](/README.md#quick-start).

## Let's Go!

Expand Down Expand Up @@ -65,7 +65,7 @@ cat test-att.json | jq -r .payload | base64 -d | jq

### 5. Create a Policy File

Look [here](docs/policy.md) for full documentation on Witness Policies.
Look [here](/docs/policy.md) for full documentation on Witness Policies.

> - Make sure to replace the keys in this file with the ones from the step above (sed command below).
> - Rego policies should be base64 encoded
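Review bot: The new target `/docs/policy.md` in step 5 does not match the policy path used elsewhere in this commit: `docs/about/how-witness-works.md` now links to `./docs/concepts/policy.md`, and the attestor links were moved to `/docs/concepts/attestor.md`. If the policy page also lives under `concepts`, this should be `/docs/concepts/policy.md`; please confirm the path and check the link in the built site.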
2 changes: 1 addition & 1 deletion docs/tutorials/sigstore-keyless.md
Expand Up @@ -13,7 +13,7 @@ successfully, you will need the following:
- [openssl](https://www.openssl.org/)
- [base64](https://www.gnu.org/software/coreutils/manual/html_node/base64-invocation.html) (which is part of GNU coreutils)

You will also of course need to have witness installed, which can be achieved by following the [Quick Start](../README.md#quick-start).
You will also of course need to have witness installed, which can be achieved by following the [Quick Start](/README.md#quick-start).

### Get Rid of the Old Stuff
If you tried any of our other tutorials, you might have some files lying around in the your working directory that will interfere with this tutorial. Be sure to get rid of them, particularly `test.txt`, as Witness will not record file hashes for products that exist in the filesystem before its invocation.
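Review bot: The Quick Start link becomes `/README.md#quick-start` here and, identically, in `artifact-policy.md` and `getting-started.md`; please confirm once that a root-relative link to a file outside `docs/` resolves wherever these tutorials are rendered, not only in the repository view. In the context paragraph under "Get Rid of the Old Stuff", "in the your working directory" has a stray word that could be fixed in the same pass.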