Add call to action for community contribution of supply chain tool mappings

evankanderson · evankanderson · commit 73e8c67f6a28 · 2025-10-01T09:39:04.000-07:00
diff --git a/community/publications/supply-chain-security-tools/README.md b/community/publications/supply-chain-security-tools/README.md
@@ -4,6 +4,8 @@
 Find out what tools are used to secure the supply chain. Explore the general requirement categories below.
 {{% /blocks/lead %}}
 
+This mapping is community maintained.  Feel free to add tools by opening a PR.
+
 1. [Securing the Source Code](securing-source-code.md)
 2. [Securing Materials](securing-materials.md)
 3. [Securing Build Pipelines](securing-build-pipelines.md)
diff --git a/community/publications/supply-chain-security-tools/securing-artifacts.md b/community/publications/supply-chain-security-tools/securing-artifacts.md
@@ -4,6 +4,8 @@
 Here are the list of requirements for securing artifacts. Each one has a list of tools used to achieve it.
 {{% /blocks/lead %}}
 
+This mapping is community maintained.  Feel free to add tools by opening a PR.
+
 ## 1. Sign Every Step in the Build Process
 
 ### Tool capability
diff --git a/community/publications/supply-chain-security-tools/securing-build-pipelines.md b/community/publications/supply-chain-security-tools/securing-build-pipelines.md
@@ -4,6 +4,8 @@
 Here are the list of requirements for securing build pipelines. Each one has a list of tools used to achieve it.
 {{% /blocks/lead %}}
 
+This mapping is community maintained.  Feel free to add tools by opening a PR.
+
 ## 1. Cryptographically guarantee policy adherence
 
 ### Tool capability
diff --git a/community/publications/supply-chain-security-tools/securing-deployments.md b/community/publications/supply-chain-security-tools/securing-deployments.md
@@ -4,6 +4,8 @@
 Here are the list of requirements for securing deployments. Each one has a list of tools used to achieve it.
 {{% /blocks/lead %}}
 
+This mapping is community maintained.  Feel free to add tools by opening a PR.
+
 ## 1. Ensure clients can perform Verification of Artefacts and associated metadata
 
 ### Tool capability
diff --git a/community/publications/supply-chain-security-tools/securing-materials.md b/community/publications/supply-chain-security-tools/securing-materials.md
@@ -4,6 +4,8 @@
 Here are the list of requirements for securing materials. Each one has a list of tools used to achieve it.
 {{% /blocks/lead %}}
 
+This mapping is community maintained.  Feel free to add tools by opening a PR.
+
 ## 1. Verify third party artefacts and open source libraries
 
 ### Tool capability
diff --git a/community/publications/supply-chain-security-tools/securing-source-code.md b/community/publications/supply-chain-security-tools/securing-source-code.md
@@ -4,6 +4,8 @@
 Here are the list of requirements for securing the source code, which is a subcategory of the overall requirements for supply chain security. For each requirement is a list of tools used to meet that requirement.
 {{% /blocks/lead %}}
 
+This mapping is community maintained.  Feel free to add tools by opening a PR.
+
 ## 1. Require signed commits
 
 ### Tool capability
