Merge pull request #4060 from replicatedhq/cross-ref-sbom-slsa-pages

Cross-reference SBOM and SDK SLSA validation pages

Author: paigecalvert

docs/enterprise/sbom-validating.md

@@ -8,6 +8,8 @@ A _software bill of materials_ (SBOM) is an inventory of all components used to
 
 When you install software, validating an SBOM signature can help you understand exactly what the software package is installing. This information can help you ensure that the files are compatible with your licensing policies and help determine whether there is exposure to CVEs.
 
+For information about validating the Replicated SDK, including SLSA provenance, image signatures, and SBOM attestations, see [Validate provenance of releases for the Replicated SDK](/vendor/replicated-sdk-slsa-validating).
+
 ## Prerequisite
 
 Before you perform these tasks, you must install cosign. For more information, see the [sigstore repository](https://github.com/sigstore/cosign) in GitHub.

docs/vendor/replicated-sdk-slsa-validating.md

@@ -152,3 +152,5 @@ The script performs the following checks:
    - Validates that the SecureBuild keyless identity signed the SPDX SBOM attestation
 
 For more information about the SDK release process, see [Manage releases with the Vendor Portal](/vendor/releases-creating-releases).
+
+For information about validating SBOM signatures for other Replicated components such as KOTS, kURL, and Troubleshoot, see [Validate SBOM signatures](/enterprise/sbom-validating).