slsa-framework · lehors · Apr 4, 2025 · Mar 25, 2025 · Mar 25, 2025 · Mar 25, 2025
diff --git a/docs/_data/nav/config.yml b/docs/_data/nav/config.yml
@@ -9,7 +9,8 @@ url_to_key:
   v1: v10
   v1-rc1: v10-rc1
   v1-rc2: v10-rc2
-  v1.1: v11
+  v1.1-rc1: v11-rc1
+  v1.1-rc2: v11-rc2
   latest: v10
 
 # TODO: when viewing spec v0.1, it would be better to link to attestations v0.2.

diff --git a/docs/_data/nav/main.yml b/docs/_data/nav/main.yml
@@ -8,12 +8,12 @@
   url: /current-activities
   description: What the SLSA community is currently working on
 
-- title: SLSA Specification 1.1 Draft
+- title: SLSA v1.1 RC2
   description: >
     These pages describe SLSA's security levels and requirements for each track.
     If you want to achieve SLSA a particular level, these are the requirements
     you'll need to meet.
-  url: /spec/v1.1/
+  url: /spec/v1.1-rc2/
   children:
 
   - title: Understanding SLSA
@@ -24,31 +24,31 @@
     children:
 
     - title: What's new in v1.1
-      url: /spec/v1.1/whats-new
+      url: /spec/v1.1-rc2/whats-new
       description: What's new in SLSA Version 1.1
 
     - title: About SLSA
-      url: /spec/v1.1/about
+      url: /spec/v1.1-rc2/about
       description: An introductory guide to SLSA
 
     - title: Supply chain threats
-      url: /spec/v1.1/threats-overview
+      url: /spec/v1.1-rc2/threats-overview
       description: An introduction to supply chain threats
 
     - title: Use cases
-      url: /spec/v1.1/use-cases
+      url: /spec/v1.1-rc2/use-cases
       description: Use cases
 
     - title: Guiding principles
-      url: /spec/v1.1/principles
+      url: /spec/v1.1-rc2/principles
       description: Use cases
 
     - title: FAQ
-      url: /spec/v1.1/faq
+      url: /spec/v1.1-rc2/faq
       description: Questions and more information
 
     - title: Future directions
-      url: /spec/v1.1/future-directions
+      url: /spec/v1.1-rc2/future-directions
       description: Additions and changes being considered for future SLSA versions
 
   - title: Core specification
@@ -59,31 +59,31 @@
     children:
 
     - title: Terminology
-      url: /spec/v1.1/terminology
+      url: /spec/v1.1-rc2/terminology
       description: Terminology and model used by SLSA
 
     - title: Security levels
-      url: /spec/v1.1/levels
+      url: /spec/v1.1-rc2/levels
       description: Overview of SLSA's tracks and levels, intended for all audiences
 
     - title: Producing artifacts
-      url: /spec/v1.1/requirements
+      url: /spec/v1.1-rc2/requirements
       description: Detailed technical requirements for producing software artifacts, intended for platform implementers
 
     - title: Distributing provenance
-      url: /spec/v1.1/distributing-provenance
+      url: /spec/v1.1-rc2/distributing-provenance
       description: Detailed technical requirements for distributing provenance, intended for platform implementers and software distributors
 
     - title: Verifying artifacts
-      url: /spec/v1.1/verifying-artifacts
+      url: /spec/v1.1-rc2/verifying-artifacts
       description: Guidance for verifying software artifacts and their SLSA provenance, intended for platform implementers and software consumers
 
     - title: Verifying build platforms
-      url: /spec/v1.1/verifying-systems
+      url: /spec/v1.1-rc2/verifying-systems
       description: Guidelines for securing SLSA Build L3+ builders, intended for platform implementers
 
     - title: Threats & mitigations
-      url: /spec/v1.1/threats
+      url: /spec/v1.1-rc2/threats
       description: Detailed information about specific supply chain attacks and how SLSA helps
 
   - title: Attestation formats
@@ -94,22 +94,123 @@
     children:
 
     - title: General model
-      url: /spec/v1.1/attestation-model
+      url: /spec/v1.1-rc2/attestation-model
       description: General attestation mode
 
     - title: Provenance
-      url: /spec/v1.1/provenance
+      url: /spec/v1.1-rc2/provenance
       description: Suggested provenance format and explanation
 
     - title: Verification Summary
-      url: /spec/v1.1/verification_summary
+      url: /spec/v1.1-rc2/verification_summary
       description: Suggested VSA format and explanation
 
   - title: Single-page view
-    url: /spec/v1.1/onepage
+    url: /spec/v1.1-rc2/onepage
     skip_next_prev: true  # don't show as a next/prev link
 
-- title: SLSA Specification 1.0
+- title: SLSA v1.1 RC1
+  description: >
+    These pages describe SLSA's security levels and requirements for each track.
+    If you want to achieve SLSA a particular level, these are the requirements
+    you'll need to meet.
+  url: /spec/v1.1-rc1/
+  children:
+
+  - title: Understanding SLSA
+    description: >
+      These pages provide an overview of SLSA, how it helps protect against common
+      supply chain attacks, and common use cases. If you're new to SLSA or
+      supply chain security, start here.
+    children:
+
+    - title: What's new in v1.1
+      url: /spec/v1.1-rc1/whats-new
+      description: What's new in SLSA Version 1.1
+
+    - title: About SLSA
+      url: /spec/v1.1-rc1/about
+      description: An introductory guide to SLSA
+
+    - title: Supply chain threats
+      url: /spec/v1.1-rc1/threats-overview
+      description: An introduction to supply chain threats
+
+    - title: Use cases
+      url: /spec/v1.1-rc1/use-cases
+      description: Use cases
+
+    - title: Guiding principles
+      url: /spec/v1.1-rc1/principles
+      description: Use cases
+
+    - title: FAQ
+      url: /spec/v1.1-rc1/faq
+      description: Questions and more information
+
+    - title: Future directions
+      url: /spec/v1.1-rc1/future-directions
+      description: Additions and changes being considered for future SLSA versions
+
+  - title: Core specification
+    description: >
+      These pages describe SLSA's security levels and requirements for each track.
+      If you want to achieve SLSA a particular level, these are the requirements
+      you'll need to meet.
+    children:
+
+    - title: Terminology
+      url: /spec/v1.1-rc1/terminology
+      description: Terminology and model used by SLSA
+
+    - title: Security levels
+      url: /spec/v1.1-rc1/levels
+      description: Overview of SLSA's tracks and levels, intended for all audiences
+
+    - title: Producing artifacts
+      url: /spec/v1.1-rc1/requirements
+      description: Detailed technical requirements for producing software artifacts, intended for platform implementers
+
+    - title: Distributing provenance
+      url: /spec/v1.1-rc1/distributing-provenance
+      description: Detailed technical requirements for distributing provenance, intended for platform implementers and software distributors
+
+    - title: Verifying artifacts
+      url: /spec/v1.1-rc1/verifying-artifacts
+      description: Guidance for verifying software artifacts and their SLSA provenance, intended for platform implementers and software consumers
+
+    - title: Verifying build platforms
+      url: /spec/v1.1-rc1/verifying-systems
+      description: Guidelines for securing SLSA Build L3+ builders, intended for platform implementers
+
+    - title: Threats & mitigations
+      url: /spec/v1.1-rc1/threats
+      description: Detailed information about specific supply chain attacks and how SLSA helps
+
+  - title: Attestation formats
+    description: >
+      These pages include the concrete schemas for SLSA attestations. The
+      Provenance and VSA formats are recommended, but not required by the
+      specification.
+    children:
+
+    - title: General model
+      url: /spec/v1.1-rc1/attestation-model
+      description: General attestation mode
+
+    - title: Provenance
+      url: /spec/v1.1-rc1/provenance
+      description: Suggested provenance format and explanation
+
+    - title: Verification Summary
+      url: /spec/v1.1-rc1/verification_summary
+      description: Suggested VSA format and explanation
+
+  - title: Single-page view
+    url: /spec/v1.1-rc1/onepage
+    skip_next_prev: true  # don't show as a next/prev link
+
+- title: SLSA v1.0
   description: >
     These pages describe SLSA's security levels and requirements for each track.
     If you want to achieve SLSA a particular level, these are the requirements

diff --git a/docs/_data/nav/v1.1.yml → docs/_data/nav/v1.1-rc1.yml b/docs/_data/nav/v1.1.yml → docs/_data/nav/v1.1-rc1.yml
@@ -8,8 +8,8 @@
   url: /current-activities
   description: What the SLSA community is currently working on
 
-- title: SLSA Specification 1.1
-  url: /spec/v1.1/
+- title: SLSA Specification 1.1 RC1
+  url: /spec/v1.1-rc1/
 
 - title: Understanding SLSA
   description: >
@@ -19,31 +19,31 @@
   children:
 
   - title: What's new in v1.1
-    url: /spec/v1.1/whats-new
+    url: /spec/v1.1-rc1/whats-new
     description: What's new in SLSA Version 1.1
 
   - title: About SLSA
-    url: /spec/v1.1/about
+    url: /spec/v1.1-rc1/about
     description: An introductory guide to SLSA
 
   - title: Supply chain threats
-    url: /spec/v1.1/threats-overview
+    url: /spec/v1.1-rc1/threats-overview
     description: An introduction to supply chain threats
 
   - title: Use cases
-    url: /spec/v1.1/use-cases
+    url: /spec/v1.1-rc1/use-cases
     description: Use cases
 
   - title: Guiding principles
-    url: /spec/v1.1/principles
+    url: /spec/v1.1-rc1/principles
     description: Use cases
 
   - title: FAQ
-    url: /spec/v1.1/faq
+    url: /spec/v1.1-rc1/faq
     description: Questions and more information
 
   - title: Future directions
-    url: /spec/v1.1/future-directions
+    url: /spec/v1.1-rc1/future-directions
     description: Additions and changes being considered for future SLSA versions
 
 - title: Core specification
@@ -54,31 +54,31 @@
   children:
 
   - title: Terminology
-    url: /spec/v1.1/terminology
+    url: /spec/v1.1-rc1/terminology
     description: Terminology and model used by SLSA
 
   - title: Security levels
-    url: /spec/v1.1/levels
+    url: /spec/v1.1-rc1/levels
     description: Overview of SLSA's tracks and levels, intended for all audiences
 
   - title: Producing artifacts
-    url: /spec/v1.1/requirements
+    url: /spec/v1.1-rc1/requirements
     description: Detailed technical requirements for producing software artifacts, intended for platform implementers
 
   - title: Distributing provenance
-    url: /spec/v1.1/distributing-provenance
+    url: /spec/v1.1-rc1/distributing-provenance
     description: Detailed technical requirements for distributing provenance, intended for platform implementers and software distributors
 
   - title: Verifying artifacts
-    url: /spec/v1.1/verifying-artifacts
+    url: /spec/v1.1-rc1/verifying-artifacts
     description: Guidance for verifying software artifacts and their SLSA provenance, intended for platform implementers and software consumers
 
   - title: Verifying build platforms
-    url: /spec/v1.1/verifying-systems
+    url: /spec/v1.1-rc1/verifying-systems
     description: Guidelines for securing SLSA Build L3+ builders, intended for platform implementers
 
   - title: Threats & mitigations
-    url: /spec/v1.1/threats
+    url: /spec/v1.1-rc1/threats
     description: Detailed information about specific supply chain attacks and how SLSA helps
 
 - title: Attestation formats
@@ -89,15 +89,15 @@
   children:
 
   - title: General model
-    url: /spec/v1.1/attestation-model
+    url: /spec/v1.1-rc1/attestation-model
     description: General attestation mode
 
   - title: Provenance
-    url: /spec/v1.1/provenance
+    url: /spec/v1.1-rc1/provenance
     description: Suggested provenance format and explanation
 
   - title: Verification Summary
-    url: /spec/v1.1/verification_summary
+    url: /spec/v1.1-rc1/verification_summary
     description: Suggested VSA format and explanation
 
 - title: How to SLSA
@@ -128,5 +128,5 @@
   url: /blog
 
 - title: Single-page view
-  url: /spec/v1.1/onepage
+  url: /spec/v1.1-rc1/onepage
   skip_next_prev: true  # don't show as a next/prev link