diff --git a/attest/vcs_test.go b/attest/vcs_test.go
index 1ad00f8..0ef3db6 100644
--- a/attest/vcs_test.go
+++ b/attest/vcs_test.go
@@ -37,102 +37,56 @@ func (tc vcsTestCase) Name() string {
 
 func TestVCS(t *testing.T) {
 	testCases := []vcsTestCase{
+		// {
+		// 	URL:             "https://github.com/stefanprodan/podinfo",
+		// 	CheckoutTag:     "6.7.0", // => 0b1481aa8ed0a6c34af84f779824a74200d5c1d6
+		// 	LoadPath:        "kustomize",
+		// 	ExpectManifests: []string{"kustomization.yaml", "deployment.yaml", "hpa.yaml", "service.yaml"},
+		// 	ExpectImageTags: []string{"6.7.0"},
+		// 	ExpectRawTags:   []string{"6.7.0"},
+		// },
+		// {
+		// 	URL:             "https://github.com/stefanprodan/podinfo",
+		// 	CheckoutHash:    "0b1481aa8ed0a6c34af84f779824a74200d5c1d6", // => 6.7.0
+		// 	Branch:          "master",
+		// 	LoadPath:        "kustomize",
+		// 	ExpectManifests: []string{"kustomization.yaml", "deployment.yaml", "hpa.yaml", "service.yaml"},
+		// 	ExpectImageTags: []string{"6.7.0"},
+		// 	ExpectRawTags:   []string{"6.7.0"},
+		// },
 		{
-			URL:             "https://github.com/stefanprodan/podinfo",
-			CheckoutTag:     "6.7.0", // => 0b1481aa8ed0a6c34af84f779824a74200d5c1d6
-			LoadPath:        "kustomize",
-			ExpectManifests: []string{"kustomization.yaml", "deployment.yaml", "hpa.yaml", "service.yaml"},
-			ExpectImageTags: []string{"6.7.0"},
-			ExpectRawTags:   []string{"6.7.0"},
-		},
-		{
-			URL:             "https://github.com/stefanprodan/podinfo",
-			CheckoutHash:    "0b1481aa8ed0a6c34af84f779824a74200d5c1d6", // => 6.7.0
-			Branch:          "master",
-			LoadPath:        "kustomize",
-			ExpectManifests: []string{"kustomization.yaml", "deployment.yaml", "hpa.yaml", "service.yaml"},
-			ExpectImageTags: []string{"6.7.0"},
-			ExpectRawTags:   []string{"6.7.0"},
-		},
-		{
-			URL:             "https://github.com/stefanprodan/podinfo",
-			CheckoutHash:    "ba6f4ffd7cba98ea2ef52bee7c1bead8e1d6a7d3", // pre-6.7.0
-			Branch:          "master",
-			LoadPath:        "kustomize",
+			URL:             "https://github.com/errordeveloper/tape-git-testing",
+			CheckoutHash:    "3cad1d255c1d83b5e523de64d34758609498d81b",
+			Branch:          "main",
+			LoadPath:        "",
 			ExpectManifests: []string{"kustomization.yaml", "deployment.yaml", "hpa.yaml", "service.yaml"},
 			ExpectImageTags: nil,
 			ExpectRawTags:   nil,
 		},
 		{
-			URL:             "https://github.com/stefanprodan/podinfo",
-			CheckoutTag:     "6.6.1",
-			Branch:          "master",
-			LoadPath:        "kustomize",
-			ExpectManifests: []string{"kustomization.yaml", "deployment.yaml", "hpa.yaml", "service.yaml"},
-			ExpectImageTags: []string{"6.6.1"},
-			ExpectRawTags:   []string{"6.6.1"},
-		},
-		{
-			URL:             "https://github.com/stefanprodan/podinfo",
-			CheckoutTag:     "6.6.2",
-			Branch:          "master",
+			URL:             "https://github.com/errordeveloper/tape-git-testing",
+			CheckoutTag:     "0.0.1",
 			LoadPath:        "",
-			ExpectManifests: []string{"kustomize/kustomization.yaml", "kustomize/deployment.yaml", "kustomize/hpa.yaml", "kustomize/service.yaml"},
-			ExpectImageTags: []string{"6.6.1"},
-			ExpectRawTags:   []string{"6.6.1"},
+			ExpectManifests: []string{"podinfo/kustomization.yaml", "podinfo/deployment.yaml", "podinfo/hpa.yaml", "podinfo/service.yaml"},
+			ExpectImageTags: []string{"v0.0.1"},
+			ExpectRawTags:   []string{"0.0.1", "v0.0.1", "podinfo/v6.6.3"},
 		},
 		{
-			URL:             "https://github.com/fluxcd/pkg",
-			CheckoutHash:    "c647aea83012218c0353d3408b2237bb639578f3",
-			Branch:          "master",
-			LoadPath:        "version",
-			ExpectImageTags: nil,
-			ExpectRawTags:   nil,
+			URL:             "https://github.com/errordeveloper/tape-git-testing",
+			CheckoutTag:     "v0.0.2",
+			LoadPath:        "podinfo",
+			ExpectManifests: []string{"kustomization.yaml", "deployment.yaml", "hpa.yaml", "service.yaml"},
+			ExpectImageTags: []string{"v0.0.2"},
+			ExpectRawTags:   []string{"0.0.2", "v0.0.2", "podinfo/v6.7.0"},
 		},
-		// {
-		// 	URL:             "https://github.com/fluxcd/pkg",
-		// 	CheckoutTag:     "version/v0.4.0",
-		// 	Branch:          "master",
-		// 	LoadPath:        "version",
-		// 	ExpectImageTags: nil, // TODO: should be 0.4.0
-		// 	ExpectRawTags: []string{
-		// 		"version/v0.4.0",
-		// 		"testserver/v0.7.0",
-		// 		"tar/v0.7.0",
-		// 		"ssh/v0.13.0",
-		// 		"ssa/v0.39.1",
-		// 		"ssa/v0.39.0",
-		// 		"sourceignore/v0.7.0",
-		// 		"runtime/v0.47.1",
-		// 		"runtime/v0.47.0",
-		// 		"oci/v0.38.1",
-		// 		"oci/v0.38.0",
-		// 		"oci/v0.37.1",
-		// 		"oci/v0.37.0",
-		// 		"masktoken/v0.4.0",
-		// 		"lockedfile/v0.3.0",
-		// 		"kustomize/v1.11.0",
-		// 		"http/transport/v0.3.0",
-		// 		"http/fetch/v0.11.0",
-		// 		"helmtestserver/v0.18.0",
-		// 		"gittestserver/v0.12.0",
-		// 		"git/v0.19.0",
-		// 		"git/gogit/v0.19.0",
-		// 		"envsubst/v1.1.0",
-		// 		"cache/v0.0.1",
-		// 		"apis/meta/v1.5.0",
-		// 		"apis/kustomize/v1.5.0",
-		// 		"apis/event/v0.9.0",
-		// 		"apis/acl/v0.3.0",
-		// 	},
-		// },
 	}
 
 	repos := &repos{}
 	repos.init()
 	defer repos.cleanup()
 
-	for _, tc := range testCases {
+	for i := range testCases {
+		tc := testCases[i]
 		t.Run(tc.Name(), makeVCSTest(repos, tc))
 	}
 }
@@ -158,7 +112,10 @@ func makeVCSTest(repos *repos, tc vcsTestCase) func(t *testing.T) {
 		scanner.WithProvinanceAttestor(attreg)
 
 		if tc.ExpectManifests != nil {
-			g.Expect(loader.Paths()).To(ConsistOf(tc.ExpectManifests))
+			g.Expect(loader.Paths()).To(HaveLen(len(tc.ExpectManifests)))
+			for _, manifest := range tc.ExpectManifests {
+				g.Expect(loader.ContainsRelPath(manifest)).To(BeTrue())
+			}
 		}
 
 		g.Expect(scanner.Scan(loader.RelPaths())).To(Succeed())
@@ -188,19 +145,22 @@ func makeVCSTest(repos *repos, tc vcsTestCase) func(t *testing.T) {
 		g.Expect(ok).To(BeTrue())
 		ref := groupSummary.Git.Reference
 		g.Expect(ref.Tags).To(HaveLen(len(tc.ExpectRawTags)))
-		for i, tag := range tc.ExpectRawTags {
-			g.Expect(ref.Tags[i].Name).To(Equal(tag))
+		imageTagNames := make([]string, len(ref.Tags))
+		for i, tag := range ref.Tags {
+			imageTagNames[i] = tag.Name
 		}
+		g.Expect(imageTagNames).To(ConsistOf(tc.ExpectRawTags))
 
 		image, err := name.NewRepository("podinfo")
 		g.Expect(err).NotTo(HaveOccurred())
 
 		semVerTags := oci.SemVerTagsFromAttestations(ctx, image.Tag("test.123456"), statements...)
-
 		g.Expect(semVerTags).To(HaveLen(len(tc.ExpectImageTags)))
-		for i, tag := range tc.ExpectImageTags {
-			g.Expect(semVerTags[i].TagStr()).To(Equal(tag))
+		semVerTagNames := make([]string, len(semVerTags))
+		for i, tag := range semVerTags {
+			semVerTagNames[i] = tag.TagStr()
 		}
+		g.Expect(semVerTagNames).To(ConsistOf(tc.ExpectImageTags))
 	}
 }
 
diff --git a/oci/artefact.go b/oci/artefact.go
index 180ae82..772afa6 100644
--- a/oci/artefact.go
+++ b/oci/artefact.go
@@ -11,6 +11,7 @@ import (
 	"maps"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 
 	"golang.org/x/mod/semver"
@@ -399,10 +400,17 @@ func SemVerTagsFromAttestations(ctx context.Context, tag name.Tag, sourceAttesta
 	}
 	// TODO: detect tags with groupSummary.Path+"/" as prefix and priorities them
 	tags := make([]name.Tag, 0, len(ref.Tags))
+	set := make(map[string]struct{}, len(ref.Tags))
 	for i := range ref.Tags {
 		t := ref.Tags[i].Name
-		if semver.IsValid(t) || semver.IsValid("v"+t) {
-			tags = append(tags, tag.Context().Tag(ref.Tags[i].Name))
+		if !strings.HasPrefix(t, "v") {
+			t = "v" + t
+		}
+		if _, ok := set[t]; !ok {
+			if semver.IsValid(t) {
+				tags = append(tags, tag.Context().Tag(t))
+				set[t] = struct{}{}
+			}
 		}
 	}
 	if len(tags) == 0 {