Signed-off-by: Meredith Lancaster <malancas@github.com>
Meredith Lancaster 2024-11-18 12:16:12 -07:00
parent 6ca5e6f18c
commit cfbc1c7e10


@ -65,15 +65,13 @@ The following policy criteria will be enforced against all attestations:
}
if c.Certificate.RunnerEnvironment == GitHubRunner {
info += "\n- Attestation must be signed by a certificate that was generated by a Action workflow executed in a GitHub hosted runner"
}
if c.SANRegex != "" {
info += fmt.Sprintf("\n- Attestation must be signed by a certificate with a Subject Alternative Name matching the regex %s", c.SANRegex)
info += "\n- Attestation's signing certificate must be generated by an Action workflow executed in a GitHub hosted runner"
}
if c.SAN != "" {
info += fmt.Sprintf("\n- Attestation must be signed by a certificate with a Subject Alternative Name matching the exact value %s", c.SAN)
info += fmt.Sprintf("\n- Attestation's signing certificate must have a Subject Alternative Name matching the exact value %s", c.SAN)
} else if c.SANRegex != "" {
info += fmt.Sprintf("\n- Attestation's signing certificate must have a Subject Alternative Name matching the regex %s", c.SANRegex)
}
return info
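Review bot: The new `if c.SAN != "" { … } else if c.SANRegex != "" { … }` chain prints only the exact-SAN criterion when both fields are set, so this summary is accurate only if the verification code gives SAN the same precedence; that code is not visible in this hunk and should be checked. If enforcement applied both matchers or preferred the regex, users would be shown a policy that differs from the one actually enforced. I would record the intent above the branch with a comment such as `// SAN takes precedence over SANRegex; keep in sync with the enforced certificate identity policy`. Formatting both values with `%q` rather than `%s` would also make an empty or whitespace-padded value unambiguous in the output. The enclosing function starts and ends outside the hunk.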