The Software Supply Chain Attribute Integrity, or SCAI (pronounced "sky"), specification proposes a data format for capturing functional attribute and integrity information about software artifacts and their supply chain. SCAI data can be associated with executable binaries, statically- or dynamically-linked libraries, software packages, container images, software toolchains, and compute environments. As such, SCAI is intended to be implemented as part of an existing software supply chain attestation framework by software development tools or services (e.g., builders, CI/CD pipelines, software analysis tools) seeking to capture more granular information about the attributes and behavior of the software artifacts they produce. That is, SCAI assumes that implementers will have appropriate processes and tooling in place for capturing other types of software supply chain metadata, which can be extended to add support for SCAI.