From c9f9fac7dc36b5cab36cd0788b1da42423b0972d Mon Sep 17 00:00:00 2001
From: Phill MV
Date: Mon, 24 Jun 2024 13:33:10 -0400
Subject: [PATCH] Update pkg/cmd/attestation/verify/verify.go

Co-authored-by: Andy Feller
---
 pkg/cmd/attestation/verify/verify.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/cmd/attestation/verify/verify.go b/pkg/cmd/attestation/verify/verify.go
index 9ddf2f97f..60196583a 100644
--- a/pkg/cmd/attestation/verify/verify.go
+++ b/pkg/cmd/attestation/verify/verify.go
@@ -58,8 +58,8 @@ func NewVerifyCmd(f *cmdutil.Factory, runF func(*Options) error) *cobra.Command
 To see the full results that are generated upon successful verification, i.e. for use with a policy engine, provide the %[1]s--format=json%[1]s flag.
- The signer workflow's identity is validated against the attestation's
- certificate's Subject Alternative Name (SAN). Often, the signer workflow is the
+ The signer workflow's identity is validated against the Subject Alternative Name (SAN)
+ within the attestation certificate. Often, the signer workflow is the
 same workflow that started the run and generated the attestation, and will be located inside your repository. For this reason, by default this command uses either the %[1]s--repo%[1]s or the %[1]s--owner%[1]s flag value to validate the SAN.
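Review bot: The first added line of the help text runs to about 86 characters before indentation, while the neighbouring lines of the paragraph stay at or under roughly 80 once the `%[1]s` placeholders are rendered. In a narrow terminal this sentence, which explains how the signer identity is checked, will wrap unevenly. I would break after "Alternative" and reflow the rest of the paragraph, starting with `The signer workflow's identity is validated against the Subject Alternative` and continuing `Name (SAN) within the attestation certificate. ...` on the next line. The help string starts and ends outside this hunk, so the reflow may need to reach a line or two further down.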