resize image
Signed-off-by: laurentsimon <[email protected]>
laurentsimon committed Aug 18, 2023
1 parent b1c195c commit 5554f3b
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions docs/_posts/2023-08-28-bring-your-own-builder-github.md
Expand Up @@ -25,7 +25,7 @@ The BYOB framework provides a set of GitHub Actions and workflows that helps bui

![action-release](https://github.com/slsa-framework/slsa/assets/64505099/367ecc46-28f6-4029-853e-161a028e6a35)

To solve this problem, you could turn your Action into a Reusable Workflow. This results in `MyAction` running in a VM under your control, not the caller's control. In fact, this is how the SLSA Go, Node.js, and Container builders work. This option is depicted in the diagram below: The project's `release.yml` calls the Reusable Workflow `MyReusableWorkflow` which in turn calls `MyAction` and generates provenance for the run.
To solve this problem, you could turn your Action into a Reusable Workflow. This results in `MyAction` running in a VM under your control, not the caller's control. This option is depicted in the diagram below: The project's `release.yml` calls the Reusable Workflow `MyReusableWorkflow` which in turn calls `MyAction` and generates provenance for the run.

![action-reusable](https://github.com/slsa-framework/slsa/assets/64505099/a0603e5f-4ebb-4c93-8216-b63f22bcf08d)
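
Review bot: The changed paragraph at line 25 drops the sentence "In fact, this is how the SLSA Go, Node.js, and Container builders work.", which is a content change that the commit title "resize image" does not cover. If the removal is intentional, put it in its own commit or mention it in the commit message so the history explains why the reference to the existing builders went away. If it is not intentional, restore the sentence. No image reference in this hunk changes, so nothing here corresponds to a resize.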

Expand Down Expand Up @@ -77,7 +77,7 @@ These Java builders can publish provenance attestation on Maven central. Additio

To verify the provenance of an artifact built by the Maven builder, we need to download the artifact and its provenance. In this example, we download them from Maven central. Maven Central lets users browse the files of each release, and from there we can find the artifacts along with their provenance files:

![Maven provenance link](https://github.com/slsa-framework/slsa/assets/64505099/14ff1de1-a30c-4683-860c-352dc490c1ef)
![Maven provenance link](https://github.com/slsa-framework/slsa/assets/64505099/562a945d-df51-4473-9eac-a297779536be)

The [slsa-verifier](https://github.com/slsa-framework/slsa-verifier) can be used to verify the provenance. The tool verifies the signature on the provenance and the source used to build the artifact, as per the [SLSA specifications](/spec/v1.0/verifying-artifacts).
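
Review bot: The image line at line 80 is resized by swapping one opaque asset URL (`.../assets/64505099/14ff1de1-...`) for another (`.../assets/64505099/562a945d-...`), so the diff cannot show what actually changed in the picture or confirm that it is still the same screenshot. Since this screenshot is what tells readers where to find the provenance file on Maven Central, consider checking the image into the repository next to the post so its content is versioned and reviewable, or at least state the old and new dimensions in the commit message. The alt text "Maven provenance link" is unchanged and could describe what the screenshot shows.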
