From c25dacc33e6a443be1fa74943818a9acae14a96f Mon Sep 17 00:00:00 2001 From: Phill MV Date: Mon, 24 Jun 2024 13:32:51 -0400 Subject: [PATCH] Update pkg/cmd/attestation/verify/verify.go Co-authored-by: Andy Feller --- pkg/cmd/attestation/verify/verify.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/cmd/attestation/verify/verify.go b/pkg/cmd/attestation/verify/verify.go index 4db18e0b1..9ddf2f97f 100644 --- a/pkg/cmd/attestation/verify/verify.go +++ b/pkg/cmd/attestation/verify/verify.go @@ -64,7 +64,7 @@ func NewVerifyCmd(f *cmdutil.Factory, runF func(*Options) error) *cobra.Command located inside your repository. For this reason, by default this command uses either the %[1]s--repo%[1]s or the %[1]s--owner%[1]s flag value to validate the SAN. - However, sometimes the caller workflow is not be the same workflow that + However, sometimes the caller workflow is not the same workflow that performed the signing. If your attestation was generated via a reusable workflow, then that reusable workflow is the signer whose identity needs to be validated. In this situation, the signer workflow may or may not be located