diff --git a/ci/spelling-config.json b/ci/spelling-config.json
index eabc7a458..2d2989db1 100644
--- a/ci/spelling-config.json
+++ b/ci/spelling-config.json
@@ -60,6 +60,8 @@
         "frontmatter",
         "Gamal",
         "gconv",
+        "gitsign",
+        "gittuf",
         "GUAC",
         "helm",
         "HIPAA",
diff --git a/publications/supply-chain-security-tools/README.md b/publications/supply-chain-security-tools/README.md
new file mode 100644
index 000000000..1d80eade9
--- /dev/null
+++ b/publications/supply-chain-security-tools/README.md
@@ -0,0 +1,11 @@
+# Supply Chain Security Tools Mappings
+
+{{% blocks/lead color="white" align="left" %}}
+Find out what tools are used to secure the supply chain. Explore the general requirement categories below.
+{{% /blocks/lead %}}
+
+1. [Securing the Source Code](securing-source-code.md)
+2. [Securing Materials](securing-materials.md)
+3. [Securing Build Pipelines](securing-build-pipelines.md)
+4. [Securing Artifacts](securing-artifacts.md)
+5. [Securing Deployments](securing-deployments.md)
diff --git a/publications/supply-chain-security-tools/securing-artifacts.md b/publications/supply-chain-security-tools/securing-artifacts.md
new file mode 100644
index 000000000..91bbdbf33
--- /dev/null
+++ b/publications/supply-chain-security-tools/securing-artifacts.md
@@ -0,0 +1,108 @@
+# Securing Artifacts
+
+{{% blocks/lead color="white" align="left" %}}
+Here are the list of requirements for securing artifacts. Each one has a list of tools used to achieve it.
+{{% /blocks/lead %}}
+
+## 1. Sign Every Step in the Build Process
+
+### Tool capability
+
+- sign attestations for every step in the build process
+- define all expected steps in the build process with identities
+
+### Tools
+
+- SLSA (level 1)
+- in-toto
+- Tekton (chains)
+
+## 2. Validate the Signatures Generated at Each Step
+
+### Tool capability
+
+- verify attestations of every step
+
+### Tools
+
+- in-toto
+- Kyverno (signatures of output images are verified before running containers)
+
+## 3. Use TUF/Notary to manage signing of artefacts
+
+### Tool capability
+
+- delegate trust for specific artifacts to specific developers
+- enable developer signing of metadata
+- prevent rollback attacks on developer signatures
+
+### Tools
+
+- TUF
+- Tekton (chains uses Sigstore)
+- Kyverno (Kyverno supports Sigstore)
+
+## 4. Use a store to manage metadata from in-toto
+
+### Tool capability
+
+- store in-toto metadata
+
+### Tools
+
+- Sigstore (Rekor?)
+- in-toto (integrated with Rekor, Grafeas, Archivist etc.)
+- Tekton (chains)
+
+
+## 5. Limit which artefacts any given party is authorized to certify
+
+### Tool capability
+
+- specify trusted entities for each artifact in policy
+- enforce this limitation
+
+### Tools
+
+- in-toto
+- TUF
+- Kyverno (Kyverno policy on who is trusted for each signature)
+
+
+## 6. Build in a system for rotating and revoking private keys
+
+### Tool capability
+
+- change policy to revoke a trusted key
+- change policy to rotate a trusted key
+- communicate these changes to users
+
+### Tools
+
+- Sigstore (Fulcio)
+- in-toto (in-toto layouts can rotate and revoke keys for attestations, layout keys are managed separately such as by using TUF)
+- TUF
+- SPIFFE
+
+## 7. Use a container registry that supports OCI image-spec images
+
+### Tool capability
+
+- follow the OCI spec
+
+### Tools
+
+- Sigstore (cosign)
+- Tekton (Pipelines and Chains)
+- Kyverno (Kyverno works with OCI registries)
+
+## 8. Encrypt artefacts before distribution & ensure only authorized platforms have decryption capabilities
+
+### Tool capability
+
+- create policy for which platforms have decryption capabilities
+- enforce this policy
+
+### Tools
+
+- _none_
diff --git a/publications/supply-chain-security-tools/securing-build-pipelines.md b/publications/supply-chain-security-tools/securing-build-pipelines.md
new file mode 100644
index 000000000..760f9ed05
--- /dev/null
+++ b/publications/supply-chain-security-tools/securing-build-pipelines.md
@@ -0,0 +1,272 @@
+# Securing Build Pipelines
+
+{{% blocks/lead color="white" align="left" %}}
+Here are the list of requirements for securing build pipelines. Each one has a list of tools used to achieve it.
+{{% /blocks/lead %}}
+
+## 1. Cryptographically guarantee policy adherence
+
+### Tool capability
+
+- attest to steps
+- verify policy adherence
+- define the policy
+
+### Tools
+
+- SLSA (level 1)
+- in-toto
+
+
+## 2. Validate environments and dependencies before usage
+
+### Tool capability
+
+- validate dependencies
+- validate environments
+- verify signatures on build images
+
+### Tools
+
+- in-toto (in-toto can wrap the fetch / bootstrap processes and metadata can be consumed by upper-turtle processes via sublayouts)
+- SPIFFE (validates environments)
+- Tekton (there is an open TEP to integrate with SPIFFE to validate node/workload)
+- Kyverno (If the environment is a container, Kyverno can verify the policy (allowed source, signer))
+
+## 3. Validate runtime security of build workers
+
+### Tool capability
+
+- monitor runtime processes
+- attest to runtime operations
+- verify runtime attestations
+- trusted execution environment
+
+### Tools
+
+- in-toto (runtime trace attestations)
+
+## 4. Validate Build artifacts through verifiably reproducible builds
+
+### Tool capability
+
+- make reproducible build
+- re-build images in isolated environments (security enclaves/trust boundaries)
+- validate builds from multiple sources
+
+### Tools
+
+- in-toto
+- apko
+
+## 5. Lock and Verify External Requirements From The Build Process
+
+### Tool capability
+
+- lock and record external requirements
+- verify external requirements
+
+### Tools
+
+- apko
+
+## 6. Find and Eliminate Sources Of Non-Determinism
+
+### Tool capability
+
+- make diffs of builds
+
+### Tools
+
+- apko
+
+## 7. Record The Build Environment
+
+### Tool capability
+
+- record the build environment
+
+### Tools
+
+- SLSA (level 3)
+- in-toto (in-toto provides the formats, it's unopinionated about what's recorded)
+- apko
+- Tekton (Chains)
+
+## 8. Automate Creation Of The Build Environment
+
+### Tool capability
+
+- environment creation automation
+
+### Tools
+
+- apko
+- Tekton (Pipelines)
+
+## 9. Distribute Builds Across Different Infrastructure
+
+### Tool capability
+
+- define multiple infrastructure setups
+- run builds in multiple environments
+
+### Tools
+
+- Tekton (Pipelines)
+
+## 10. Build and related continuous integration/continuous delivery steps should all be automated through a pipeline defined as code
+
+### Tool capability
+
+- define pipeline in code
+- run pipeline as code
+
+### Tools
+
+- SLSA (level 1)
+- apko
+- Tekton (Pipelines)
+
+## 11. Standardize pipelines across projects
+
+### Tool capability
+
+- _none_
+
+### Tools
+
+- Tekton (Pipelines)
+
+## 12. Provision a secured orchestration platform to host software factory
+
+### Tool capability
+
+- perform secure orchestration
+
+### Tools
+
+- Tekton (Pipelines)
+
+## 13. Build Workers Should be Single Use
+
+### Tool capability
+
+- single-use containerized builders
+- verify that builders are single use
+- attest to build identity
+
+### Tools
+
+- SLSA (level 3)
+- in-toto (can be validated via runtime trace attestations)
+- Tekton (Pipelines)
+
+## 14. Ensure Software Factory has minimal network connectivity.
+
+### Tool capability
+
+- check for and monitor network connections
+
+### Tools
+
+- SLSA (level 3)
+- in-toto (can be validated via runtime trace attestations)
+
+## 15. Segregate the Duties of Each Build Worker
+
+### Tool capability
+
+- define scope of each build worker
+- attest to which build worker performs each action
+- verify that build workers follow the policy
+
+### Tools
+
+- in-toto
+- Tekton (Pipelines)
+
+## 15. Pass in Build Worker Environment and Commands
+
+### Tool capability
+
+- provision build workers with environment and commands within a hermetic build environment
+
+### Tools
+
+- in-toto (can be validated via runtime trace attestations)
+- Tekton (Pipelines)
+
+## 16. Write Output to a Separate Secured Storage Repo
+
+### Tool capability
+
+- secured storage repo
+
+### Tools
+
+- Sigstore (Rekor)
+- in-toto (depending on where you put the in-toto metadata)
+
+## 17. Only allow pipeline modifications through "pipeline as code"
+
+### Tool capability
+
+- attest to pipeline state and modifications
+- verify that pipeline modifications are made through pipeline as code
+- ensure pipeline goes through source control
+
+### Tools
+
+- SLSA (level 3)
+- Tekton (Pipelines)
+
+## 18. Define user roles
+
+### Tool capability
+
+- define user roles
+- attest to role for each action
+- enforce user roles
+
+### Tools
+
+- in-toto
+
+## 19. Follow established practices for establishing a root of trust from an offline source
+
+### Tool capability
+
+- securely distribute root of trust
+- chain from existing trusted root
+
+### Tools
+
+- TUF
+
+## 20. Use short-lived Workload Certificates
+
+### Tool capability
+
+- create short-lived certificates
+- verify short-lived certificates using their validity period
+- verify that workload certificates are short-lived
+
+### Tools
+
+- in-toto (integrates with SPIFFE/SPIRE)
+- SPIFFE
+- Tekton (TEP to integrate with SPIRE)
+
+## 21. Deploy monitoring tools to software factory to detect malicious behaviour
+
+### Tool capability
+
+- runtime monitoring
+- analysis of built artifacts
+
+### Tools
+
+- in-toto (runtime trace attestations generated using tools like tetragon)
+- SPIFFE
+- Tekton (TEP to integrate with SPIRE)
diff --git a/publications/supply-chain-security-tools/securing-deployments.md b/publications/supply-chain-security-tools/securing-deployments.md
new file mode 100644
index 000000000..f37396ebc
--- /dev/null
+++ b/publications/supply-chain-security-tools/securing-deployments.md
@@ -0,0 +1,42 @@
+# Securing Deployments
+
+{{% blocks/lead color="white" align="left" %}}
+Here are the list of requirements for securing deployments. Each one has a list of tools used to achieve it.
+{{% /blocks/lead %}}
+
+## 1. Ensure clients can perform Verification of Artefacts and associated metadata
+
+### Tool capability
+
+- perform client verification
+
+### Tools
+
+- Sigstore (cosign)
+- in-toto (in-toto implementations support verification of metadata against layouts)
+- TUF
+- Tekton (chains with sigstore)
+- Kyverno (Kyverno policies validate artifacts and metadata)
+
+
+## 2. Ensure clients can verify the "freshness" of files
+
+### Tool capability
+
+- verify freshness of files
+
+### Tools
+
+- Sigstore (Rekor)
+- TUF
+
+## 3. Use The Update Framework
+
+### Tool capability
+
+- support TUF metadata creation
+- support TUF metadata verification
+
+### Tools
+
+- TUF
diff --git a/publications/supply-chain-security-tools/securing-materials.md b/publications/supply-chain-security-tools/securing-materials.md
new file mode 100644
index 000000000..78b8e2a37
--- /dev/null
+++ b/publications/supply-chain-security-tools/securing-materials.md
@@ -0,0 +1,109 @@
+# Securing Materials
+
+{{% blocks/lead color="white" align="left" %}}
+Here are the list of requirements for securing materials. Each one has a list of tools used to achieve it.
+{{% /blocks/lead %}}
+
+## 1. Verify third party artefacts and open source libraries
+
+### Tool capability
+
+- attest to review
+- verify review attestations
+
+### Tools
+
+- in-toto (can be validated via alpha-omega attestations, review attestations)
+
+
+## 2. Require SBOM from third party supplier
+
+### Tool capability
+
+- generate accurate SBOM
+- verify SBOM existence
+- verify SBOM accuracy
+
+### Tools
+
+- _none_
+
+## 3. Track dependencies between open source components
+
+### Tool capability
+
+- create accurate SBOM
+- update SBOM
+
+### Tools
+
+- _none_
+
+## 4. Build libraries based upon source code
+
+### Tool capability
+
+- attest to build
+- verify attestation of build
+- maintain list of trusted sources for built software
+- attestation from third-party builder/distributor
+- publish hashes for pre-built software
+
+### Tools
+
+- in-toto
+- apko
+
+## 5. Define and prioritize trusted package managers and repositories
+
+### Tool capability
+
+- define trusted/prioritized repositories
+- enforce the priority
+
+### Tools
+
+- TUF
+
+## 6. Generate an immutable SBOM of the code
+
+### Tool capability
+
+- generate an accurate SBOM (signed)
+
+### Tools
+
+- in-toto (SBOM attestations)
+- apko
+
+## 7. Scan software for vulnerabilities
+
+### Tool capability
+
+- scan the software
+
+### Tools
+
+- in-toto
+
+## 8. Scan software for license implications
+
+### Tool capability
+
+- scan the software
+
+### Tools
+
+- _none_
+
+## 9. Run software composition analysis on ingested software
+
+### Tool capability
+
+- run software composition analysis
+- ingest an SBOM
+- verify an SBOM's claims
+
+### Tools
+
+- _none_
diff --git a/publications/supply-chain-security-tools/securing-source-code.md b/publications/supply-chain-security-tools/securing-source-code.md
new file mode 100644
index 000000000..7476b7305
--- /dev/null
+++ b/publications/supply-chain-security-tools/securing-source-code.md
@@ -0,0 +1,156 @@
+# Securing the Source Code
+
+{{% blocks/lead color="white" align="left" %}}
+Here are the list of requirements for securing the source code, which is a subcategory of the overall requirements for supply chain security. For each requirement is a list of tools used to meet that requirement.
+{{% /blocks/lead %}}
+
+## 1. Require signed commits
+
+### Tool capability
+
+- sign commits
+- verify signed commits
+
+### Tools
+
+- Sigstore (gitsign)
+- gittuf
+- GUAC
+
+## 2. Enforce full attestation and verification for protected branches
+
+### Tool capability
+
+- monitor protected branches
+
+### Tools
+
+- gittuf
+
+## 3. Prevent committing secrets to the source code repository
+
+### Tool capability
+
+- check commits
+- verify that no secrets are in the repository
+
+### Tools
+
+- _none_
+
+## 4. Define individuals/teams that are responsible for code in a repository and associated coding conventions
+
+### Tool capability
+
+- verifying coding conventions
+
+### Tools
+
+- GitHub
+- gittuf
+- GUAC
+
+## 5. Automate software security scanning and testing
+
+### Tool capability
+
+- scan software
+- perform tests
+- automation at build time
+- automation at production time
+- determine what to do with scan results
+
+### Tools
+
+- in-toto (test result attestations)
+
+## 6. Establish and adhere to contribution policies
+
+### Tool capability
+
+- check for contribution guidelines
+- DCO
+
+### Tools
+
+- GitHub
+
+## 7. Define roles aligned to functional responsibilities
+
+### Tool capability
+
+- none
+
+### Tools
+
+- GitHub
+- gittuf
+
+## 8. Enforce an independent four-eyes principle
+
+### Tool capability
+
+- require review before merge
+- attest to a review
+- verify attestation of review
+
+### Tools
+
+- SLSA (level 4)
+- in-toto (threshold of human review attestations)
+- GitHub
+
+
+## 9. Use branch protection rules
+
+### Tool capability
+
+- verify branch protection is turned on over time
+
+### Tools
+
+- GitHub
+- gittuf
+
+## 10. Enforce MFA for accessing source code repositories
+
+### Tool capability
+
+- enable MFA
+- verify MFA is enabled for all contributors
+
+### Tools
+
+- GitHub
+
+## 11. Use SSH keys to provide developers access to source code repositories
+
+### Tool capability
+
+- enforce that ssh keys are used (and disable https)
+
+### Tools
+
+- GitHub
+
+## 12. Have a Key Rotation Policy
+
+### Tool capability
+
+- key expiration
+- key distribution/PKI for ssh
+
+### Tools
+
+- gittuf
+
+## 13. Use short-lived/ephemeral credentials for machine/service access
+
+### Tool capability
+
+- require short-lived credentials
+
+### Tools
+
+- SPIFFE (maybe, spiffe does short-lived credentials, but not sure if anyone is using this for source code repos)
+
diff --git a/website/layouts/_default/search.html b/website/layouts/_default/search.html
index bbd1ecf8a..c778147c4 100644
--- a/website/layouts/_default/search.html
+++ b/website/layouts/_default/search.html
@@ -55,7 +55,7 @@ <h1 class="thin">{{ .Title }}</h1>
 
 		var newUrl = baseUrl + "?" + urlParams.toString();
 		// Update the browser history (optional)
-		window.history.pushState({}, null, newUrl);
+		history.replaceState(null, '', newUrl);
 	}
 	</script>