From 8bf59093dc2f0cba83d31a8efddcf7b87e6d4d4d Mon Sep 17 00:00:00 2001 From: Martin Monperrus Date: Sat, 14 Sep 2024 09:01:12 +0200 Subject: [PATCH 1/2] add maven-lockfile Signed-off-by: Martin Monperrus --- .../supply-chain-security-tools/securing-build-pipelines.md | 1 + 1 file changed, 1 insertion(+) diff --git a/community/publications/supply-chain-security-tools/securing-build-pipelines.md b/community/publications/supply-chain-security-tools/securing-build-pipelines.md index 760f9ed05..60e8221f5 100644 --- a/community/publications/supply-chain-security-tools/securing-build-pipelines.md +++ b/community/publications/supply-chain-security-tools/securing-build-pipelines.md @@ -69,6 +69,7 @@ Here are the list of requirements for securing build pipelines. Each one has a l ### Tools - apko +- [maven-lockfile](https://github.com/chains-project/maven-lockfile/) for Java/Maven ## 6. Find and Eliminate Sources Of Non-Determinism From 005042d61ff9890585bc1881b3f20b4c4e16709b Mon Sep 17 00:00:00 2001 From: Martin Monperrus Date: Fri, 13 Dec 2024 22:59:25 +0100 Subject: [PATCH 2/2] Update securing-build-pipelines.md Signed-off-by: Martin Monperrus --- .../supply-chain-security-tools/securing-build-pipelines.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/community/publications/supply-chain-security-tools/securing-build-pipelines.md b/community/publications/supply-chain-security-tools/securing-build-pipelines.md index 60e8221f5..01471936e 100644 --- a/community/publications/supply-chain-security-tools/securing-build-pipelines.md +++ b/community/publications/supply-chain-security-tools/securing-build-pipelines.md @@ -17,7 +17,6 @@ Here are the list of requirements for securing build pipelines. Each one has a l - SLSA (level 1) - in-toto - ## 2. Validate environments and dependencies before usage ### Tool capability 
@@ -163,7 +162,7 @@ Here are the list of requirements for securing build pipelines. Each one has a l - in-toto (can be validated via runtime trace attestations) - Tekton (Pipelines) -## 14. Ensure Software Factory has minimal network connectivity. +## 14. Ensure Software Factory has minimal network connectivity ### Tool capability
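Review bot: In the `### Tools` hunk of PATCH 1/2 (`@@ -69,6 +69,7 @@`), the new entry is formatted differently from its neighbour: `- apko` is a bare name, while the added line carries a link and a "for Java/Maven" qualifier. Pick one style for the list, either by linking and qualifying `apko` as well or by dropping the extras here. The entry also does not say what the tool contributes to the requirement this section covers. A short phrase after the link would let a reader judge its fit without following the URL.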
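Review bot: The first hunk of PATCH 2/2 (`@@ -17,7 +17,6 @@`) only removes a blank line before `## 2. Validate environments and dependencies before usage`, which has nothing to do with adding maven-lockfile, and the subject "Update securing-build-pipelines.md" gives no hint of that. Suggest a subject that names the change (whitespace and heading cleanup), so the history shows that the only content change in the series is the one-line addition in PATCH 1/2.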
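Review bot: The `## 14.` heading edit in the second hunk of PATCH 2/2 (`@@ -163,7 +162,7 @@`) fixes the trailing period but leaves the heading style inconsistent across the lines visible in this series: `## 6. Find and Eliminate Sources Of Non-Determinism` is title case, while `## 2. Validate environments and dependencies before usage` and the new `## 14. Ensure Software Factory has minimal network connectivity` are mostly sentence case. If this commit is meant as a heading cleanup, normalise the capitalisation in the same pass. It is also worth confirming that any link pointing at the section 14 anchor still resolves after the heading text changed.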