📖 Fix links. (ossf#2703)

* Fix link. Signed-off-by: Theodore Tsirpanis <teo@tsirpanis.gr> * Update two more links. Signed-off-by: Theodore Tsirpanis <teo@tsirpanis.gr> --------- Signed-off-by: Theodore Tsirpanis <teo@tsirpanis.gr> Signed-off-by: Shofiya2003 <shofiyabootwala@gmail.com>
Shofiya2003 · Mar 10, 2023 · b8b3a18 · b8b3a18
1 parent 4b2a951
commit b8b3a18
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -203,7 +203,7 @@ Add the binary to your `GOPATH/bin` directory (use `go env GOPATH` to identify y
 
 ###### Verifying SLSA provenance for downloaded releases
 
-We generate [SLSA3 signatures](slsa.dev) using the OpenSSF's [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) during the release process. To verify a release binary:
+We generate [SLSA3 signatures](https://slsa.dev) using the OpenSSF's [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) during the release process. To verify a release binary:
 1. Install the verification tool from [slsa-framework/slsa-verifier#installation](https://github.com/slsa-framework/slsa-verifier#installation).
 2. Download the signature file `attestation.intoto.jsonl` from the [GitHub releases page](https://github.com/GoogleContainerTools/jib/releases/latest).
 3. Run the verifier:

diff --git a/docs/checks.md b/docs/checks.md
@@ -589,7 +589,7 @@ Signed releases attest to the provenance of the artifact.
 This check looks for the following filenames in the project's last five
 [release assets](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases):
 [*.minisig](https://github.com/jedisct1/minisign), *.asc (pgp),
-*.sig, *.sign, [*.intoto.jsonl](slsa.dev).
+*.sig, *.sign, [*.intoto.jsonl](https://slsa.dev).
 
 If a signature is found in the assets for each release, a score of 8 is given.
 If a [SLSA provenance file](https://slsa.dev/spec/v0.1/index) is found in the assets for each release (*.intoto.jsonl), the maximum score of 10 is given.

diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml
@@ -621,7 +621,7 @@ checks:
       This check looks for the following filenames in the project's last five
       [release assets](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases):
       [*.minisig](https://github.com/jedisct1/minisign), *.asc (pgp),
-      *.sig, *.sign, [*.intoto.jsonl](slsa.dev).
+      *.sig, *.sign, [*.intoto.jsonl](https://slsa.dev).
 
       If a signature is found in the assets for each release, a score of 8 is given.
       If a [SLSA provenance file](https://slsa.dev/spec/v0.1/index) is found in the assets for each release (*.intoto.jsonl), the maximum score of 10 is given.