From 75032e9c357b5dc28d961055b5c93a7c9b9748b0 Mon Sep 17 00:00:00 2001 From: Raghav Kaul Date: Mon, 11 Sep 2023 17:02:11 +0000 Subject: [PATCH] update docs Signed-off-by: Raghav Kaul --- docs/checks.md | 2 +- docs/checks/internal/checks.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/checks.md b/docs/checks.md index 1102cece33a..f73aae54a67 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -598,7 +598,7 @@ This check looks for the following filenames in the project's last five If a signature is found in the assets for each release, a score of 8 is given. If a [SLSA provenance file](https://slsa.dev/spec/v0.1/index) is found in the assets for each release (*.intoto.jsonl), the maximum score of 10 is given. -This check ignores source code-only releases that are bundled by GitHub and looks for the most recent release with a associated artifact. +This check looks for the 30 most recent releases associated with an artifact. It ignores the source code-only releases that are created automatically by GitHub. Note: The check does not verify the signatures. diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 13cb2fa2590..cac762cb5a2 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -630,7 +630,7 @@ checks: If a signature is found in the assets for each release, a score of 8 is given. If a [SLSA provenance file](https://slsa.dev/spec/v0.1/index) is found in the assets for each release (*.intoto.jsonl), the maximum score of 10 is given. - This check ignores source code-only releases that are bundled by GitHub and looks for the most recent release with a associated artifact. + This check looks for the 30 most recent releases associated with an artifact. It ignores the source code-only releases that are created automatically by GitHub. Note: The check does not verify the signatures. remediation:
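Review bot: in the docs/checks.md hunk, the added sentence "This check looks for the 30 most recent releases associated with an artifact" lands just below text that the hunk header shows as "looks for the following filenames in the project's last five", so the section now names two different windows without saying how they relate. The new sentence is also ambiguous about whether 30 is the number of releases examined or the number of artifact-bearing releases collected. Suggest stating which of the two the implementation does, and either aligning the "last five" wording with it or explaining why the numbers differ.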
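Review bot: in the docs/checks/internal/checks.yaml hunk, "source code-only releases that are created automatically by GitHub" shifts the meaning of the removed "bundled by GitHub": it now reads as if GitHub creates the releases, whereas what GitHub generates automatically is the source archive attached to a release. Suggest wording along the lines of "releases whose only assets are the source archives GitHub generates automatically". The identical sentence is also hand-edited in docs/checks.md; if one of the two files is generated from the other, regenerate it instead of editing both so the copies cannot drift.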