diff --git a/checks/signed_releases.go b/checks/signed_releases.go index 2cf6940560f..2b9e7b88899 100644 --- a/checks/signed_releases.go +++ b/checks/signed_releases.go @@ -28,7 +28,7 @@ const ( releaseLookBack = 5 ) -var artifactExtensions = []string{".asc", ".minisig", ".sig"} +var artifactExtensions = []string{".asc", ".minisig", ".sig", ".sign"} //nolint:gochecknoinits func init() { diff --git a/docs/checks.md b/docs/checks.md index 283d2fbc2f4..247006fb4e0 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -495,7 +495,7 @@ Signed releases attest to the provenance of the artifact. This check looks for the following filenames in the project's last five releases: [*.minisig ](https://github.com/jedisct1/minisign), *.asc (pgp), -*.sign. +*.sig, *.sign. Note: The check does not verify the signatures. diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 0f6f58a5182..2a5827d1b39 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -568,7 +568,7 @@ checks: This check looks for the following filenames in the project's last five releases: [*.minisig ](https://github.com/jedisct1/minisign), *.asc (pgp), - *.sign. + *.sig, *.sign. Note: The check does not verify the signatures. remediation: