fixed format

DarikshaAnsari · Aug 28, 2024 · 9fbb94f · 9fbb94f
1 parent 7c6a4da
commit 9fbb94f
Show file tree

Hide file tree

Showing 15 changed files with 419 additions and 214 deletions.
diff --git a/.prettierignore b/.prettierignore
@@ -1,15 +1,2 @@
-.*
-/*
-!/content
-/content/*
-!/content/en
-/content/en/*
-
-!/content/en/docs
-/content/en/docs/*
-!/content/en/docs/_index.md
-
-!/content/en/docs/adding-content
-/content/en/docs/adding-content/*
-
-!/content/en/docs/adding-content/lookandfeel.md
+/themes
+/layouts
diff --git a/assets/scss/_styles_project.scss b/assets/scss/_styles_project.scss
@@ -2,7 +2,7 @@
 
 /* Custom styles for the navbar */
 .td-navbar {
-  background-color: $primary  !important; /* Set background color to black */
+  background-color: $primary !important; /* Set background color to black */
   opacity: 1; /* Ensure the navbar is fully opaque */
 }
 

diff --git a/assets/scss/_variables_project.scss b/assets/scss/_variables_project.scss
@@ -1,12 +1,19 @@
 /* Updated color scheme to match the background image */
 
 $in-toto-colors: (
-  'orange': #ed4b27,       // Keep existing
-  'orange-light': #f47a39, // Keep existing
-  'blue': #1b2838,         // Darker blue for better contrast
-  'blue-light': #a3b5c8,   // Lighter blue for accentss
+  'orange': #ed4b27,
+  // Keep existing
+  'orange-light': #f47a39,
+  // Keep existing
+  'blue': #1b2838,
+  // Darker blue for better contrast
+  'blue-light': #a3b5c8,
+  // Lighter blue for accentss
 );
 
-$primary: map-get($in-toto-colors, 'blue');       // Darker blue for primary elements
-$secondary: map-get($in-toto-colors, 'orange');   // Bright orange for secondary elements
+$primary: map-get($in-toto-colors, 'blue'); // Darker blue for primary elements
+$secondary: map-get(
+  $in-toto-colors,
+  'orange'
+); // Bright orange for secondary elements
 $td-enable-google-fonts: false;
diff --git a/content/en/_index.md b/content/en/_index.md
@@ -4,36 +4,42 @@ description: A framework to secure the integrity of software supply chains
 ---
 
 {{% blocks/cover image_anchor="top" height="max" %}}
+
 <!-- prettier-ignore -->
 <img src="/images/in-toto-horizontal-white.svg" alt="in-toto" class="in-toto-logo" style="max-width: 40rem; height: auto;">
 
 <!-- prettier-ignore -->
 {{% param description %}}
 {.display-6}
 
-<a class="btn btn-lg btn-primary me-3" href="docs/what-is-in-toto/">Learn More</a>
-<a class="btn btn-lg btn-primary me-3" href="https://github.com/in-toto/demo">Try the demo</a>
-<a class="btn btn-lg btn-primary" href="https://github.com/in-toto/friends">Explore integrations</a>
+<a class="btn btn-lg btn-primary me-3" href="docs/what-is-in-toto/">Learn
+More</a>
+<a class="btn btn-lg btn-primary me-3" href="https://github.com/in-toto/demo">Try
+the demo</a>
+<a class="btn btn-lg btn-primary" href="https://github.com/in-toto/friends">Explore
+integrations</a> 
 {.p-initial .my-5}
+
 <div class="h3 mt-4">
 <a class="btn btn-lg btn-secondary" href="docs/getting-started/">Get started <i class="fas fa-arrow-right"></i></a>
 </div>
 {{% blocks/link-down color="info" %}}
 {{% /blocks/cover %}}
 
-{{% blocks/lead color="primary" %}}
-**in-toto is designed to ensure the integrity of a software product from initiation to end-user installation. It does so by making it transparent to the user what steps were performed, by whom and in what order.**
-{{% /blocks/lead %}}
+{{% blocks/lead color="primary" %}} **in-toto is designed to ensure the
+integrity of a software product from initiation to end-user installation. It
+does so by making it transparent to the user what steps were performed, by whom
+and in what order.** {{% /blocks/lead %}}
 
 {{% blocks/section color="dark" type="row" %}}
 
 {{% blocks/feature icon="fa-solid fa-lock" title="Software supply chain protection" url="/docs/system-overview/" %}}
-**Supply chain compromises are becoming a frequent occurrence. in-toto can help you protect your software supply chain.**
-{{% /blocks/feature %}}
+**Supply chain compromises are becoming a frequent occurrence. in-toto can help
+you protect your software supply chain.** {{% /blocks/feature %}}
 
 {{% blocks/feature icon="fa-solid fa-book" title="Open, extensible standard" url="/docs/specs/" %}}
-**in-toto is an open metadata standard that you can implement in your software's supply chain toolchain.**
-{{% /blocks/feature %}}
+**in-toto is an open metadata standard that you can implement in your software's
+supply chain toolchain.** {{% /blocks/feature %}}
 
 {{% blocks/feature icon="fa-solid fa-gear" title="Extensive tooling" url="https://github.com/in-toto" %}}
 **You can use in-toto today by using our Apache-licensed libraries and tools.**
@@ -43,7 +49,7 @@ description: A framework to secure the integrity of software supply chains
 
 {{% blocks/section color="secondary" type="cncf" %}}
 
-**in-toto is a [CNCF][] [incubating][] project**.<br> 
+**in-toto is a [CNCF][] [incubating][] project**.<br>
 
 [![CNCF logo][]][cncf]
 

diff --git a/content/en/blog/2023/security-audit-23.md b/content/en/blog/2023/security-audit-23.md
@@ -2,7 +2,8 @@
 title: Security Audit '23
 description: Explore our latest security audits and findings.
 date: 2023-05-11
-author: 'Aditya Sirish, [NYU Secure Systems Lab](https://ssl.engineering.nyu.edu)'
+author:
+  'Aditya Sirish, [NYU Secure Systems Lab](https://ssl.engineering.nyu.edu)'
 ---
 
 We are excited to announce completion of a source code audit of the in-toto
@@ -39,15 +40,16 @@ all security findings and GitHub issues for the informational findings
 It shall be noted that all security-relevant issues can be mitigated by a
 correct usage of in-toto, or by understanding its scope. In fact the issue
 marked high-severity was well known to us as a possible use pattern and had an
-issue open for several years.  Thus, our fixes consist, above all, of
-clarifications in the specification and usage documentation.  Below we give an
+issue open for several years. Thus, our fixes consist, above all, of
+clarifications in the specification and usage documentation. Below we give an
 overview of all security-relevant findings and our response to them. More
 comprehensive details can be found in the linked advisories and the
 [report](/2023-security-audit-report.pdf).
 
 ### File Metadata Ignored (medium severity)
 
-Advisory: [GHSA-wqrg-wjp9-wqfq](https://github.com/in-toto/docs/security/advisories/GHSA-wqrg-wjp9-wqfq)
+Advisory:
+[GHSA-wqrg-wjp9-wqfq](https://github.com/in-toto/docs/security/advisories/GHSA-wqrg-wjp9-wqfq)
 
 in-toto does not verify the integrity of file metadata. This might allow
 attackers to provoke privilege escalation or degradation of the final product.
@@ -59,9 +61,11 @@ as part of the file contents.
 
 ### Configuration Read From Local Directory (medium severity)
 
-Advisory: [GHSA-wqrg-wjp9-wqfq](https://github.com/in-toto/in-toto/security/advisories/GHSA-wc64-c5rv-32pf)
+Advisory:
+[GHSA-wqrg-wjp9-wqfq](https://github.com/in-toto/in-toto/security/advisories/GHSA-wc64-c5rv-32pf)
 
-CVE: [CVE-2023-32076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32076)
+CVE:
+[CVE-2023-32076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32076)
 
 The link generation tool of the reference implementation can be configured using
 RC files stored in directories following the XDG base directory specification.
@@ -70,15 +74,16 @@ attacker that controls the inputs to a step may compromise the link metadata and
 evade detection by including such a configuration with their materials in
 transit, which, e.g. filter certain artifacts from being recorded.
 
-This is a special case of  “Functionaries Do Not Perform Verification”, which is
+This is a special case of “Functionaries Do Not Perform Verification”, which is
 described below. Further, after conversations with in-toto adopters, we realized
 that while RC files are widely used by other systems, in-toto users typically
 set configurations using API parameters or CLI arguments. As such, we removed
 support for RC files from the reference implementation.
 
 ### Layout Replay (low severity)
 
-Advisory: [GHSA-73jv-h86v-c2vh](https://github.com/in-toto/docs/security/advisories/GHSA-73jv-h86v-c2vh)
+Advisory:
+[GHSA-73jv-h86v-c2vh](https://github.com/in-toto/docs/security/advisories/GHSA-73jv-h86v-c2vh)
 
 It is possible for an attacker to replay an older, since-replaced layout that
 has not yet expired.
@@ -93,7 +98,8 @@ conjunction with in-toto to defend against layout replay attacks.
 
 ### Link File Reuse (medium severity)
 
-Advisory: [GHSA-6q78-j78h-pqm2](https://github.com/in-toto/docs/security/advisories/GHSA-6q78-j78h-pqm2)
+Advisory:
+[GHSA-6q78-j78h-pqm2](https://github.com/in-toto/docs/security/advisories/GHSA-6q78-j78h-pqm2)
 
 Link metadata files are not inherently tied to a layout, which might allow an
 attacker to replay steps by replacing link files with ones from an earlier
@@ -107,7 +113,8 @@ ITE-3 are designed to prevent unallowed metadata reuse.
 
 ### Functionaries Do Not Perform Verification (high severity)
 
-Advisory: [GHSA-p86f-xmg6-9q4x](https://github.com/in-toto/docs/security/advisories/GHSA-p86f-xmg6-9q4x)
+Advisory:
+[GHSA-p86f-xmg6-9q4x](https://github.com/in-toto/docs/security/advisories/GHSA-p86f-xmg6-9q4x)
 
 An attacker, who controls the product in transit, may compromise the whole
 supply chain and stay undetected, by modifying only the product in transit, and
@@ -124,7 +131,8 @@ we have added, can be found in the advisory.
 
 ### Several PGP Issues (varying severity)
 
-Advisory: [GHSA-jjgp-whrp-gq8m](https://github.com/in-toto/in-toto/security/advisories/GHSA-jjgp-whrp-gq8m)
+Advisory:
+[GHSA-jjgp-whrp-gq8m](https://github.com/in-toto/in-toto/security/advisories/GHSA-jjgp-whrp-gq8m)
 
 PGP keys in the reference implementation are not validated when verifying
 metadata signatures. More specifically, in-toto does not check if the validity

diff --git a/content/en/community/_index.md b/content/en/community/_index.md
@@ -6,4 +6,3 @@ cascade:
 ---
 
 {{% community-lists %}}
-
diff --git a/content/en/docs/faq.md b/content/en/docs/faq.md
@@ -6,15 +6,22 @@ weight: 10
 
 ### Why the name “in-toto”?
 
-in-toto is Latin for "as a whole." We chose the name because our objective with in-toto is to build a system to protect the whole software supply chain.
+in-toto is Latin for "as a whole." We chose the name because our objective with
+in-toto is to build a system to protect the whole software supply chain.
 
 ### What is the difference between in-toto and The Update Framework?
-[The Update Framework](https://theupdateframework.io) (TUF) provides a framework that can be used to secure update systems, i.e. the "last mile," whereas in-toto lets you verify the whole software supply chain. TUF and in-toto can play together very well, as you can use TUF to deliver updates and their corresponding in-toto metadata.
+
+[The Update Framework](https://theupdateframework.io) (TUF) provides a framework
+that can be used to secure update systems, i.e. the "last mile," whereas in-toto
+lets you verify the whole software supply chain. TUF and in-toto can play
+together very well, as you can use TUF to deliver updates and their
+corresponding in-toto metadata.
 
 ### Is Python 3 supported?
 
 Yes, Python 3 is supported with in-toto.
 
 ### Is there a timeline for the support of Python 2.7?
 
-We have released the final version of in-toto, v1.0.1, that supports Python 2. Our next release, at the end of April 2021, will drop support for Python 2.
+We have released the final version of in-toto, v1.0.1, that supports Python 2.
+Our next release, at the end of April 2021, will drop support for Python 2.