diff --git a/README.md b/README.md index 458daf6..c46a157 100644 --- a/README.md +++ b/README.md @@ -1 +1 @@ -# slsa-provenance \ No newline at end of file +# slsa-verifier \ No newline at end of file diff --git a/go.mod b/go.mod index 56a3d33..4542c11 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/gossts/slsa-provenance +module github.com/slsa-framework/slsa-verifier go 1.17 diff --git a/main.go b/main.go index 7a48660..b6c50ec 100644 --- a/main.go +++ b/main.go @@ -11,8 +11,8 @@ import ( "log" "os" - "github.com/gossts/slsa-provenance/pkg" "github.com/sigstore/cosign/cmd/cosign/cli/rekor" + "github.com/slsa-framework/slsa-verifier/pkg" ) func usage(p string) { @@ -89,7 +89,7 @@ func verify(ctx context.Context, provenancePath, artifactHash, source string) er func main() { flag.StringVar(&provenancePath, "provenance", "", "path to a provenance file") flag.StringVar(&binaryPath, "binary", "", "path to a binary to verify") - flag.StringVar(&source, "source", "", "expected source repository that should have produced the binary, e.g. github.com/gossts/example") + flag.StringVar(&source, "source", "", "expected source repository that should have produced the binary, e.g. github.com/some/repo") flag.Parse() if provenancePath == "" || binaryPath == "" || source == "" { diff --git a/pkg/provenance.go b/pkg/provenance.go index 5413b90..55a0186 100644 --- a/pkg/provenance.go +++ b/pkg/provenance.go @@ -41,7 +41,7 @@ const ( defaultRekorAddr = "https://rekor.sigstore.dev" certOidcIssuer = "https://token.actions.githubusercontent.com" // TODO: Make this into a list. - trustedReusableWorkflow = "gossts/slsa-go/.github/workflows/builder.yml" + trustedReusableWorkflow = "slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml" ) var ( diff --git a/pkg/provenance_test.go b/pkg/provenance_test.go index bbfb722..78994dd 100644 --- a/pkg/provenance_test.go +++ b/pkg/provenance_test.go @@ -193,7 +193,7 @@ func TestVerifyWorkflowIdentity(t *testing.T) { workflow: &WorkflowIdentity{ CallerRepository: "asraa/slsa-on-github-test", CallerHash: "0dfcd24824432c4ce587f79c918eef8fc2c44d7b", - JobWobWorkflowRef: "/gossts/slsa-go/.github/workflows/builder.yml@refs/heads/main", + JobWobWorkflowRef: "/slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml@refs/heads/main", Trigger: "workflow_dispatch", Issuer: "https://bad.issuer.com", }, @@ -205,7 +205,7 @@ func TestVerifyWorkflowIdentity(t *testing.T) { workflow: &WorkflowIdentity{ CallerRepository: "malicious/slsa-on-github-test", CallerHash: "0dfcd24824432c4ce587f79c918eef8fc2c44d7b", - JobWobWorkflowRef: "/gossts/slsa-go/.github/workflows/builder.yml@refs/heads/main", + JobWobWorkflowRef: "/slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml@refs/heads/main", Trigger: "workflow_dispatch", Issuer: "https://token.actions.githubusercontent.com", }, @@ -217,7 +217,7 @@ func TestVerifyWorkflowIdentity(t *testing.T) { workflow: &WorkflowIdentity{ CallerRepository: "asraa/slsa-on-github-test", CallerHash: "0dfcd24824432c4ce587f79c918eef8fc2c44d7b", - JobWobWorkflowRef: "/gossts/slsa-go/.github/workflows/builder.yml@refs/heads/main", + JobWobWorkflowRef: "/slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml@refs/heads/main", Trigger: "workflow_dispatch", Issuer: "https://token.actions.githubusercontent.com", }, @@ -229,7 +229,7 @@ func TestVerifyWorkflowIdentity(t *testing.T) { workflow: &WorkflowIdentity{ CallerRepository: "asraa/slsa-on-github-test", CallerHash: "0dfcd24824432c4ce587f79c918eef8fc2c44d7b", - JobWobWorkflowRef: "/gossts/slsa-go/.github/workflows/builder.yml@refs/heads/main", + JobWobWorkflowRef: "/slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml@refs/heads/main", Trigger: "workflow_dispatch", Issuer: "https://token.actions.githubusercontent.com", },