update

ossf · Aug 13, 2022 · c7200dd · c7200dd
1 parent 950b8dd
commit c7200dd
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml
@@ -82,4 +82,4 @@ jobs:
     uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
     with:
       base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
-      upload-assets: true # upload to a new release
+      upload-assets: true # upload to a new release
diff --git a/docs/checks.md b/docs/checks.md
@@ -535,7 +535,10 @@ Signed releases attest to the provenance of the artifact.
 
 This check looks for the following filenames in the project's last five
 releases: [*.minisig](https://github.com/jedisct1/minisign), *.asc (pgp),
-*.sig, *.sign.
+*.sig, *.sign, *.intoto.jsonl.
+
+If signatures are found for the releases, a score of 8 is given.
+If SLSA provenances are found for the releases, a maximum score of 10 is given.
 
 Note: The check does not verify the signatures.