From 8bf59093dc2f0cba83d31a8efddcf7b87e6d4d4d Mon Sep 17 00:00:00 2001
From: Martin Monperrus <martin.monperrus@gnieh.org>
Date: Sat, 14 Sep 2024 09:01:12 +0200
Subject: [PATCH] add maven-lockfile

Signed-off-by: Martin Monperrus <martin.monperrus@gnieh.org>
---
 .../supply-chain-security-tools/securing-build-pipelines.md      | 1 +
 1 file changed, 1 insertion(+)

diff --git a/community/publications/supply-chain-security-tools/securing-build-pipelines.md b/community/publications/supply-chain-security-tools/securing-build-pipelines.md
index 760f9ed05..60e8221f5 100644
--- a/community/publications/supply-chain-security-tools/securing-build-pipelines.md
+++ b/community/publications/supply-chain-security-tools/securing-build-pipelines.md
@@ -69,6 +69,7 @@ Here are the list of requirements for securing build pipelines. Each one has a l
 ### Tools
 
 - apko
+- [maven-lockfile](https://github.com/chains-project/maven-lockfile/) for Java/Maven
 
 ## 6. Find and Eliminate Sources Of Non-Determinism