Open
Description
Currently, the "Using Macaron" page on the Macaron HTML documentation has a few issues. Possible improvements include:
- Clearly separating different use cases of Macaron into top-level sections: There should be one top-level section for `macaron analyze` and another top-level section for `macaron verify-policy`. Within each top-level section, there can be subsections explaining different options for that action/use case.
- Focusing on communicating the use case as opposed to lower-level details in the section headings.
The outline may look like the following:
1. Analyze the SLSA posture of a repository
1.1. Analyze a remote repository
1.2. With an SBOM
1.3. With provenance expectations (in cue lang)
1.4. Analyze a local repository
2. Verify a repository against user-defined expectations (with souffle datalog policy engine)