From 8e3c3a760cf672ef0d948036131da3167cc0ee37 Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Mon, 25 Apr 2022 09:23:54 -0700
Subject: [PATCH] builder name (#37)

---
 pkg/provenance.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/pkg/provenance.go b/pkg/provenance.go
index 60a9ddc..a170c83 100644
--- a/pkg/provenance.go
+++ b/pkg/provenance.go
@@ -42,10 +42,14 @@ import (
 const (
 	defaultRekorAddr = "https://rekor.sigstore.dev"
 	certOidcIssuer = "https://token.actions.githubusercontent.com"
-	// TODO: Make this into a list.
-	trustedReusableWorkflow = "slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml"
 )
 
+// TODO: remove builder.yml
+var trustedReusableWorkflows = map[string]bool{
+	"slsa-framework/slsa-github-generator-go/.github/workflows/slsa3_builder.yml": true,
+	"slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml": true,
+}
+
 var (
 	ErrorInvalidDssePayload = errors.New("invalid DSSE envelope payload")
 	errorRekorSearch = errors.New("error searching rekor entries")
@@ -377,7 +381,7 @@ func VerifyWorkflowIdentity(id *WorkflowIdentity, source string) error {
 		return errors.New("malformed URI for workflow")
 	}
 
-	if !strings.EqualFold(strings.Trim(workflowPath[0], "/"), trustedReusableWorkflow) {
+	if _, ok := trustedReusableWorkflows[strings.Trim(workflowPath[0], "/")]; !ok {
 		return errors.New("untrusted reuseable workflow")
 	}
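Review bot: `trustedReusableWorkflows` is declared as `map[string]bool`, but the lookup added in the second hunk (`_, ok := trustedReusableWorkflows[...]`) tests key presence only, so an entry set to `false` would still be trusted; a `map[string]struct{}` set, or reading the value with `if !trustedReusableWorkflows[...]`, would make the intent unambiguous. The allowlist is now a mutable package-level `var` where the replaced value was a `const`, and it is the trust boundary for the whole verifier, so it deserves a doc comment such as `// trustedReusableWorkflows is the allowlist of reusable workflow paths accepted by VerifyWorkflowIdentity; presence in the map is what grants trust, so it must never be modified at runtime.` The `// TODO: remove builder.yml` would be more actionable if it said why the legacy path is still accepted (presumably provenance generated before the rename) and what condition allows its removal.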
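Review bot: The new lookup is an exact, case-sensitive match where the replaced line used `strings.EqualFold`, so a workflow reference that differs from the allowlist key only in case is now rejected instead of accepted, and the commit does not say whether that is intended. If the identity claim can carry the caller's casing for the owner/repo segment (I am not certain it does), normalizing once keeps the check both strict and predictable: `if _, ok := trustedReusableWorkflows[strings.ToLower(strings.Trim(workflowPath[0], "/"))]; !ok {` with the map keys already lowercase; if exact matching is deliberate, a one-line comment saying so would stop a future change from reverting to `EqualFold`. VerifyWorkflowIdentity begins before this hunk, so how `workflowPath` is derived is not visible here.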