From 4c494ff9d29e8755293c25e0a5e61561da2a7b40 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Sat, 13 Aug 2022 01:12:59 +0000 Subject: [PATCH] update --- docs/checks/internal/checks.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 34ae0b4e935f..66ffc5ff9100 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -581,11 +581,12 @@ checks: Signed releases attest to the provenance of the artifact. This check looks for the following filenames in the project's last five - releases: [*.minisig](https://github.com/jedisct1/minisign), *.asc (pgp), + [release assets](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases): + [*.minisig](https://github.com/jedisct1/minisign), *.asc (pgp), *.sig, *.sign, [*.intoto.jsonl](slsa.dev). - If signatures are found for the releases, a score of 8 is given. - If SLSA provenances are found for the releases (*.intoto.jsonl), the maximum score of 10 is given. + If a signature is found in the assets for each release, a score of 8 is given. + If a SLSA provenances is found in the assets for each release (*.intoto.jsonl), the maximum score of 10 is given. (For more information about SLSA provenance, see [slsa.dev](slsa.dev)). Note: The check does not verify the signatures.
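Review bot: the added line "If a SLSA provenances is found in the assets for each release (*.intoto.jsonl), the maximum score of 10 is given." has a number mismatch; it should read "If a SLSA provenance is found in the assets for each release". Also, moving "releases" into the link text so the sentence reads "in the project's last five [release assets](...)" changes the meaning: the check looks at the last five releases, not the last five assets, so keep "releases" outside the link, e.g. "in the project's last five releases' [release assets](...)". Finally, the unchanged context line "(For more information about SLSA provenance, see [slsa.dev](slsa.dev))" and the "[*.intoto.jsonl](slsa.dev)" link both use a bare "slsa.dev" as the target, which renders as a relative link; since this hunk already touches the surrounding lines, it would be worth changing both targets to "https://slsa.dev" in the same change.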