✨ Update package names and other references (#9)

* Update repo/project names

* update

README.md

@@ -1 +1 @@
-# slsa-provenance
+# slsa-verifier

go.mod

@@ -1,4 +1,4 @@
-module github.com/gossts/slsa-provenance
+module github.com/slsa-framework/slsa-verifier
 
 go 1.17
 

main.go

@@ -11,8 +11,8 @@ import (
 	"log"
 	"os"
 
-	"github.com/gossts/slsa-provenance/pkg"
 	"github.com/sigstore/cosign/cmd/cosign/cli/rekor"
+	"github.com/slsa-framework/slsa-verifier/pkg"
 )
 
 func usage(p string) {
@@ -89,7 +89,7 @@ func verify(ctx context.Context, provenancePath, artifactHash, source string) er
 func main() {
 	flag.StringVar(&provenancePath, "provenance", "", "path to a provenance file")
 	flag.StringVar(&binaryPath, "binary", "", "path to a binary to verify")
-	flag.StringVar(&source, "source", "", "expected source repository that should have produced the binary, e.g. github.com/gossts/example")
+	flag.StringVar(&source, "source", "", "expected source repository that should have produced the binary, e.g. github.com/some/repo")
 	flag.Parse()
 
 	if provenancePath == "" || binaryPath == "" || source == "" {

pkg/provenance.go

@@ -41,7 +41,7 @@ const (
 	defaultRekorAddr = "https://rekor.sigstore.dev"
 	certOidcIssuer   = "https://token.actions.githubusercontent.com"
 	// TODO: Make this into a list.
-	trustedReusableWorkflow = "gossts/slsa-go/.github/workflows/builder.yml"
+	trustedReusableWorkflow = "slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml"
 )
 
 var (

pkg/provenance_test.go

@@ -193,7 +193,7 @@ func TestVerifyWorkflowIdentity(t *testing.T) {
 			workflow: &WorkflowIdentity{
 				CallerRepository:  "asraa/slsa-on-github-test",
 				CallerHash:        "0dfcd24824432c4ce587f79c918eef8fc2c44d7b",
-				JobWobWorkflowRef: "/gossts/slsa-go/.github/workflows/builder.yml@refs/heads/main",
+				JobWobWorkflowRef: "/slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml@refs/heads/main",
 				Trigger:           "workflow_dispatch",
 				Issuer:            "https://bad.issuer.com",
 			},
@@ -205,7 +205,7 @@ func TestVerifyWorkflowIdentity(t *testing.T) {
 			workflow: &WorkflowIdentity{
 				CallerRepository:  "malicious/slsa-on-github-test",
 				CallerHash:        "0dfcd24824432c4ce587f79c918eef8fc2c44d7b",
-				JobWobWorkflowRef: "/gossts/slsa-go/.github/workflows/builder.yml@refs/heads/main",
+				JobWobWorkflowRef: "/slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml@refs/heads/main",
 				Trigger:           "workflow_dispatch",
 				Issuer:            "https://token.actions.githubusercontent.com",
 			},
@@ -217,7 +217,7 @@ func TestVerifyWorkflowIdentity(t *testing.T) {
 			workflow: &WorkflowIdentity{
 				CallerRepository:  "asraa/slsa-on-github-test",
 				CallerHash:        "0dfcd24824432c4ce587f79c918eef8fc2c44d7b",
-				JobWobWorkflowRef: "/gossts/slsa-go/.github/workflows/builder.yml@refs/heads/main",
+				JobWobWorkflowRef: "/slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml@refs/heads/main",
 				Trigger:           "workflow_dispatch",
 				Issuer:            "https://token.actions.githubusercontent.com",
 			},
@@ -229,7 +229,7 @@ func TestVerifyWorkflowIdentity(t *testing.T) {
 			workflow: &WorkflowIdentity{
 				CallerRepository:  "asraa/slsa-on-github-test",
 				CallerHash:        "0dfcd24824432c4ce587f79c918eef8fc2c44d7b",
-				JobWobWorkflowRef: "/gossts/slsa-go/.github/workflows/builder.yml@refs/heads/main",
+				JobWobWorkflowRef: "/slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml@refs/heads/main",
 				Trigger:           "workflow_dispatch",
 				Issuer:            "https://token.actions.githubusercontent.com",
 			},