Merge pull request #129 from stacklok/slsa_gh_att

Fix the slsa_gh_attestation rule type
mindersec · Jul 24, 2024 · ea53461 · ea53461
2 parents 72b4766 + 297f1c8
commit ea53461
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/rule-types/github/artifact_attestation_slsa.yaml b/rule-types/github/artifact_attestation_slsa.yaml
@@ -94,7 +94,7 @@ def:
         artifacts_github_provenance = {artifact |
           some artifact in input.ingested
           artifact.Verification.attestation.predicate_type == "https://slsa.dev/provenance/v1"
-          artifact.Verification.attestation.predicate.buildDefinition.buildType == "https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1"
+          artifact.Verification.attestation.predicate.buildDefinition.buildType == "https://actions.github.io/buildtypes/workflow/v1"
         }
 
         allow if {
@@ -110,7 +110,7 @@ def:
             artifact.Verification.attestation.predicate.buildDefinition.externalParameters.workflow.path == input.profile.signer_identity
             artifact.Verification.attestation.predicate.buildDefinition.externalParameters.workflow.ref == workflow_ref
             artifact.Verification.attestation.predicate.buildDefinition.externalParameters.workflow.repository == input.profile.workflow_repository
-            artifact.Verification.attestation.predicate.runDetails.builder.id == input.profile.runner_environment
+            artifact.Verification.attestation.predicate.buildDefinition.internalParameters.github.runner_environment == input.profile.runner_environment
 
             some event in input.profile.event
             artifact.Verification.attestation.predicate.buildDefinition.internalParameters.github.event_name == event