From 16815ee078c8017457400cadf10210214d4aec11 Mon Sep 17 00:00:00 2001 From: Theodore Tsirpanis Date: Tue, 28 Feb 2023 21:20:14 +0200 Subject: [PATCH 1/2] Fix link. Signed-off-by: Theodore Tsirpanis --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8d9adeb392e..3e1f9d2f595 100644 --- a/README.md +++ b/README.md @@ -203,7 +203,7 @@ Add the binary to your `GOPATH/bin` directory (use `go env GOPATH` to identify y ###### Verifying SLSA provenance for downloaded releases -We generate [SLSA3 signatures](slsa.dev) using the OpenSSF's [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) during the release process. To verify a release binary: +We generate [SLSA3 signatures](https://slsa.dev) using the OpenSSF's [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) during the release process. To verify a release binary: 1. Install the verification tool from [slsa-framework/slsa-verifier#installation](https://github.com/slsa-framework/slsa-verifier#installation). 2. Download the signature file `attestation.intoto.jsonl` from the [GitHub releases page](https://github.com/GoogleContainerTools/jib/releases/latest). 3. Run the verifier: From 6cba611973538cd2dd23617da86e95b07c2ccbe1 Mon Sep 17 00:00:00 2001 From: Theodore Tsirpanis Date: Tue, 28 Feb 2023 21:35:01 +0200 Subject: [PATCH 2/2] Update two more links. Signed-off-by: Theodore Tsirpanis --- docs/checks.md | 2 +- docs/checks/internal/checks.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/checks.md b/docs/checks.md index f1174921c65..3d744a660e1 100644 --- a/docs/checks.md +++ b/docs/checks.md 
@@ -589,7 +589,7 @@ Signed releases attest to the provenance of the artifact. This check looks for the following filenames in the project's last five [release assets](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases): [*.minisig](https://github.com/jedisct1/minisign), *.asc (pgp), -*.sig, *.sign, [*.intoto.jsonl](slsa.dev). +*.sig, *.sign, [*.intoto.jsonl](https://slsa.dev). If a signature is found in the assets for each release, a score of 8 is given. If a [SLSA provenance file](https://slsa.dev/spec/v0.1/index) is found in the assets for each release (*.intoto.jsonl), the maximum score of 10 is given. diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index fe7477c2abc..a8ba343a069 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -621,7 +621,7 @@ checks: This check looks for the following filenames in the project's last five [release assets](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases): [*.minisig](https://github.com/jedisct1/minisign), *.asc (pgp), - *.sig, *.sign, [*.intoto.jsonl](slsa.dev). + *.sig, *.sign, [*.intoto.jsonl](https://slsa.dev). If a signature is found in the assets for each release, a score of 8 is given. If a [SLSA provenance file](https://slsa.dev/spec/v0.1/index) is found in the assets for each release (*.intoto.jsonl), the maximum score of 10 is given.
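Review bot: in the README.md hunk (@@ -203,7), the link scheme fix is correct, but the surrounding unchanged context still sends readers to the wrong project: step 2 tells them to download `attestation.intoto.jsonl` from `https://github.com/GoogleContainerTools/jib/releases/latest`, while the rest of this patch documents this project's own checks, so the verification walkthrough looks copied from jib and should point at this repository's releases page, otherwise `slsa-verifier` would be checking a provenance file for a different project's binary. Consider also tightening "SLSA3 signatures" to "SLSA Level 3 provenance attestations" in the `+` line, since what slsa-github-generator produces and what step 2 downloads is a provenance attestation (`*.intoto.jsonl`), which is what the verifier in step 1 consumes, not a detached signature.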
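Review bot: in the docs/checks.md hunk (@@ -589,7), the `+` line fixes the scheme-less `[*.intoto.jsonl](slsa.dev)` link, but the same paragraph also links `[SLSA provenance file](https://slsa.dev/spec/v0.1/index)`; while that link already has a scheme and is outside the diff, a patch titled "Update two more links" is the natural place to confirm that the v0.1 spec page is still the intended target rather than the current spec. The text in this hunk is byte-for-byte the same as the docs/checks/internal/checks.yaml hunk below, which suggests checks.md is generated from the YAML; if so, note in the commit message that the markdown was regenerated rather than hand-edited, so reviewers can tell the two files cannot drift.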
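Review bot: in the docs/checks/internal/checks.yaml hunk (@@ -621,7), the change mirrors the docs/checks.md hunk exactly, which is what you want if checks.md is generated from this YAML, but it means two hand edits for one logical fix; prefer editing only the YAML and regenerating the markdown so the generated file is provably in sync. Separately, the unchanged context in this hunk links `*.minisig` and `*.intoto.jsonl` but leaves `*.asc (pgp)`, `*.sig` and `*.sign` unlinked; that is fine for this patch's scope, but if you touch these lines again it would be consistent to link all of the recognised signature formats or none of them.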