diff --git a/CHANGELOG.md b/CHANGELOG.md
index 642c5a1eee..12cefe5bd4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,92 +9,94 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
+- [v2.2.0](#v220)
+ - [v2.2.0: Change module name to v2](#v220-change-module-name-to-v2)
 - [v2.1.0](#v210)
- - [v2.1.0: Sigstore Bundles for Generic Generator and Go Builder](#v210-sigstore-bundles-for-generic-generator-and-go-builder)
- - [v2.1.0: Vars context recorded in provenance](#v210-vars-context-recorded-in-provenance)
+ - [v2.1.0: Sigstore Bundles for Generic Generator and Go Builder](#v210-sigstore-bundles-for-generic-generator-and-go-builder)
+ - [v2.1.0: Vars context recorded in provenance](#v210-vars-context-recorded-in-provenance)
 - [v2.0.0](#v200)
- - [v2.0.0: Breaking Change: upload-artifact and download-artifact](#v200-breaking-change-upload-artifact-and-download-artifact)
- - [v2.0.0: Breaking Change: attestation-name Workflow Input and Output](#v200-breaking-change-attestation-name-workflow-input-and-output)
- - [v2.0.0: DSSE Rekor Type](#v200-dsse-rekor-type)
+ - [v2.0.0: Breaking Change: upload-artifact and download-artifact](#v200-breaking-change-upload-artifact-and-download-artifact)
+ - [v2.0.0: Breaking Change: attestation-name Workflow Input and Output](#v200-breaking-change-attestation-name-workflow-input-and-output)
+ - [v2.0.0: DSSE Rekor Type](#v200-dsse-rekor-type)
 - [v1.10.0](#v1100)
- - [v1.10.0: TUF fix](#v1100-tuf-fix)
- - [v1.10.0: Gradle Builder](#v1100-gradle-builder)
- - [v1.10.0: Go Builder](#v1100-go-builder)
- - [v1.10.0: Container Generator](#v1100-container-generator)
+ - [v1.10.0: TUF fix](#v1100-tuf-fix)
+ - [v1.10.0: Gradle Builder](#v1100-gradle-builder)
+ - [v1.10.0: Go Builder](#v1100-go-builder)
+ - [v1.10.0: Container Generator](#v1100-container-generator)
 - [v1.9.0](#v190)
- - [v1.9.0: BYOB framework (beta)](#v190-byob-framework-beta)
- - [v1.9.0: Maven builder (beta)](#v190-maven-builder-beta)
- - [v1.9.0: Gradle builder (beta)](#v190-gradle-builder-beta)
- - [v1.9.0: JReleaser builder](#v190-jreleaser-builder)
+ - [v1.9.0: BYOB framework (beta)](#v190-byob-framework-beta)
+ - [v1.9.0: Maven builder (beta)](#v190-maven-builder-beta)
+ - [v1.9.0: Gradle builder (beta)](#v190-gradle-builder-beta)
+ - [v1.9.0: JReleaser builder](#v190-jreleaser-builder)
 - [v1.8.0](#v180)
- - [v1.8.0: Generic Generator](#v180-generic-generator)
- - [v1.8.0: Node.js Builder (beta)](#v180-nodejs-builder-beta)
+ - [v1.8.0: Generic Generator](#v180-generic-generator)
+ - [v1.8.0: Node.js Builder (beta)](#v180-nodejs-builder-beta)
 - [v1.7.0](#v170)
- - [v1.7.0: Go builder](#v170-go-builder)
+ - [v1.7.0: Go builder](#v170-go-builder)
 - [v1.6.0](#v160)
- - [Summary of changes](#summary-of-changes)
- - [Go builder](#go-builder)
- - [New Features](#new-features)
- - [Generic generator](#generic-generator)
- - [New Features](#new-features-1)
- - [Container generator](#container-generator)
- - [Changelog since v1.5.0](#changelog-since-v150)
+ - [Summary of changes](#summary-of-changes)
+ - [Go builder](#go-builder)
+ - [New Features](#new-features)
+ - [Generic generator](#generic-generator)
+ - [New Features](#new-features-1)
+ - [Container generator](#container-generator)
+ - [Changelog since v1.5.0](#changelog-since-v150)
 - [v1.5.0](#v150)
- - [Summary of changes](#summary-of-changes-1)
- - [Go builder](#go-builder-1)
- - [New Features](#new-features-2)
- - [Generic generator](#generic-generator-1)
- - [New Features](#new-features-3)
- - [Container generator](#container-generator-1)
- - [New Features](#new-features-4)
- - [Changelog since v1.4.0](#changelog-since-v140)
+ - [Summary of changes](#summary-of-changes-1)
+ - [Go builder](#go-builder-1)
+ - [New Features](#new-features-2)
+ - [Generic generator](#generic-generator-1)
+ - [New Features](#new-features-3)
+ - [Container generator](#container-generator-1)
+ - [New Features](#new-features-4)
+ - [Changelog since v1.4.0](#changelog-since-v140)
 - [v1.4.0](#v140)
- - [What's Changed](#whats-changed)
- - [Generic Generator](#generic-generator)
- - [Bug fixes](#bug-fixes)
- - [Go Builder](#go-builder)
- - [Bug fixes](#bug-fixes-1)
- - [New Contributors](#new-contributors)
- - [Full Changelog](#full-changelog)
+ - [What's Changed](#whats-changed)
+ - [Generic Generator](#generic-generator)
+ - [Bug fixes](#bug-fixes)
+ - [Go Builder](#go-builder)
+ - [Bug fixes](#bug-fixes-1)
+ - [New Contributors](#new-contributors)
+ - [Full Changelog](#full-changelog)
 - [v1.4.0-rc.2](#v140-rc2)
- - [What's Changed](#whats-changed-1)
- - [New Contributors](#new-contributors-1)
- - [Full Changelog](#full-changelog-1)
+ - [What's Changed](#whats-changed-1)
+ - [New Contributors](#new-contributors-1)
+ - [Full Changelog](#full-changelog-1)
 - [v1.4.0-rc.1](#v140-rc1)
- - [What's Changed](#whats-changed-2)
- - [New Contributors](#new-contributors-2)
- - [Full Changelog](#full-changelog-2)
+ - [What's Changed](#whats-changed-2)
+ - [New Contributors](#new-contributors-2)
+ - [Full Changelog](#full-changelog-2)
 - [v1.4.0-rc.0](#v140-rc0)
- - [What's Changed](#whats-changed-3)
- - [New Contributors](#new-contributors-3)
- - [Full Changelog](#full-changelog-3)
+ - [What's Changed](#whats-changed-3)
+ - [New Contributors](#new-contributors-3)
+ - [Full Changelog](#full-changelog-3)
 - [v1.2.2](#v122)
- - [What's Changed](#whats-changed-4)
- - [New Contributors](#new-contributors-4)
- - [Full Changelog](#full-changelog-4)
+ - [What's Changed](#whats-changed-4)
+ - [New Contributors](#new-contributors-4)
+ - [Full Changelog](#full-changelog-4)
 - [v1.2.1](#v121)
- - [What's Changed](#whats-changed-5)
- - [Generic generator](#generic-generator-2)
- - [buildType](#buildtype)
- - [Provenance file names](#provenance-file-names)
- - [Explicit opt-in for private repos](#explicit-opt-in-for-private-repos)
- - [Go builder](#go-builder-2)
- - [Support private repos](#support-private-repos)
- - [New Contributors](#new-contributors-5)
- - [Full Changelog](#full-changelog-5)
+ - [What's Changed](#whats-changed-5)
+ - [Generic generator](#generic-generator-2)
+ - [buildType](#buildtype)
+ - [Provenance file names](#provenance-file-names)
+ - [Explicit opt-in for private repos](#explicit-opt-in-for-private-repos)
+ - [Go builder](#go-builder-2)
+ - [Support private repos](#support-private-repos)
+ - [New Contributors](#new-contributors-5)
+ - [Full Changelog](#full-changelog-5)
 - [v1.2.0](#v120)
- - [What's Changed](#whats-changed-6)
- - [Generic generator](#generic-generator-3)
- - [Go builder](#go-builder-3)
- - [New Contributors](#new-contributors-6)
- - [Full Changelog](#full-changelog-6)
+ - [What's Changed](#whats-changed-6)
+ - [Generic generator](#generic-generator-3)
+ - [Go builder](#go-builder-3)
+ - [New Contributors](#new-contributors-6)
+ - [Full Changelog](#full-changelog-6)
 - [v1.1.1](#v111)
- - [What's Changed](#whats-changed-7)
- - [New Contributors](#new-contributors-7)
- - [Full Changelog](#full-changelog-7)
+ - [What's Changed](#whats-changed-7)
+ - [New Contributors](#new-contributors-7)
+ - [Full Changelog](#full-changelog-7)
 - [v1.0.0](#v100)
- - [What's Changed](#whats-changed-8)
- - [Contributors](#contributors)
+ - [What's Changed](#whats-changed-8)
+ - [Contributors](#contributors)
@@ -105,6 +107,13 @@ Use the format "X.Y.Z: Go builder" etc. for format headers to avoid header name
 duplication."
 -->
+## v2.2.0
+
+### v2.2.0: Change module name to v2
+
+- **Updated**: The module name of this repository has been changed from
+ `github.com/slsa-framework/slsa-github-generator` to `github.com/slsa-framework/slsa-github-generator/v2`.
+
 ## v2.1.0
 ### v2.1.0: Sigstore Bundles for Generic Generator and Go Builder
@@ -146,14 +155,16 @@ https://search.sigstore.dev/.
 ## v1.10.0
-Release [v1.10.0](https://github.com/slsa-framework/slsa-github-generator/releases/tag/v1.10.0) includes bug fixes and new features.
+Release [v1.10.0](https://github.com/slsa-framework/slsa-github-generator/releases/tag/v1.10.0) includes bug fixes and
+new features.
 See the [full change list](https://github.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v1.10.0).
 ### v1.10.0: TUF fix
 - The cosign TUF roots were fixed ([#3350](https://github.com/slsa-framework/slsa-github-generator/issues/3350)).
- More details [here](https://github.com/slsa-framework/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid).
+ More
+ details [here](https://github.com/slsa-framework/slsa-github-generator/blob/v1.10.0/README.md#error-updating-to-tuf-remote-mirror-invalid).
 ### v1.10.0: Gradle Builder
@@ -168,7 +179,8 @@ See the [full change list](https://github.com/slsa-framework/slsa-github-generat
 ### v1.10.0: Container Generator
 - A new `provenance-repository` input was added to allow reading provenance from
- a different container repository than the image itself ([#2956](https://github.com/slsa-framework/slsa-github-generator/issues/2956))
+ a different container repository than the image
+ itself ([#2956](https://github.com/slsa-framework/slsa-github-generator/issues/2956))
 ## v1.9.0
@@ -178,19 +190,24 @@ See the [full change list](https://github.com/slsa-framework/slsa-github-generat
 ### v1.9.0: BYOB framework (beta)
-- **New**: A [new framework](https://github.com/slsa-framework/slsa-github-generator/blob/main/BYOB.md) to turn GitHub Actions into SLSA compliant builders.
+- **New**: A [new framework](https://github.com/slsa-framework/slsa-github-generator/blob/main/BYOB.md) to turn GitHub
+ Actions into SLSA compliant builders.
 ### v1.9.0: Maven builder (beta)
-- **New**: A [Maven builder](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/maven) to build Java projects and publish to Maven central.
+- **New**: A [Maven builder](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/maven)
+ to build Java projects and publish to Maven central.
 ### v1.9.0: Gradle builder (beta)
-- **New**: A [Gradle builder](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/gradle) to build Java projects and publish to Maven central.
+- **New**:
+ A [Gradle builder](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/gradle) to
+ build Java projects and publish to Maven central.
 ### v1.9.0: JReleaser builder
-- **New**: A [JReleaser builder](https://github.com/jreleaser/release-action/tree/v1.0.0-java) that wraps the official [JReleaser Action](https://github.com/jreleaser/release-action/tree/v1.0.0-java).
+- **New**: A [JReleaser builder](https://github.com/jreleaser/release-action/tree/v1.0.0-java) that wraps the
+ official [JReleaser Action](https://github.com/jreleaser/release-action/tree/v1.0.0-java).
 ## v1.8.0
@@ -201,7 +218,8 @@ See the [full change list](https://github.com/slsa-framework/slsa-github-generat
 ### v1.8.0: Generic Generator
 - **Added**: A new
- [`base64-subjects-as-file`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.8.0/internal/builders/generic/README.md#workflow-inputs)
+ [
+ `base64-subjects-as-file`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.8.0/internal/builders/generic/README.md#workflow-inputs)
 was added to allow for specifying a large subject list.
 ### v1.8.0: Node.js Builder (beta)
@@ -246,19 +264,26 @@ and publish it to the npm registry along with the package.
 ##### New Features
 - A new
- [`prerelease`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/go/README.md#workflow-inputs)
+ [
+ `prerelease`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/go/README.md#workflow-inputs)
 input was added to allow users to create releases marked as prerelease when `upload-assets` is set to `true`.
-- A new input [`draft-release`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/go/README.md#workflow-inputs) was added to allow users to create releases marked
+- A new input [
+ `draft-release`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/go/README.md#workflow-inputs)
+ was added to allow users to create releases marked
 as draft when `upload-assets` is set to `true`.
-- A new output [`go-provenance-name`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/go/README.md#workflow-outputs) added which can be used to retrieve the name
+- A new output [
+ `go-provenance-name`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/go/README.md#workflow-outputs)
+ added which can be used to retrieve the name
 of the provenance file generated by the builder.
 #### Generic generator
 ##### New Features
-- A new input [`draft-release`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/generic/README.md#workflow-inputs) was added to allow users to create releases marked
+- A new input [
+ `draft-release`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.6.0/internal/builders/generic/README.md#workflow-inputs)
+ was added to allow users to create releases marked
 as draft when `upload-assets` is set to `true`.
 #### Container generator
@@ -280,23 +305,49 @@ https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0
 ##### New Features
-- A new [`upload-tag-name`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`.
-- The environment variables included in provenance output were changed to include only those variables that are specified by the user in the [slsa-goreleaser.yml configuration file](https://github.com/slsa-framework/slsa-github-generator/tree/v1.5.0/internal/builders/go#configuration-file) in order to improve reproducibility. See [#822](https://github.com/slsa-framework/slsa-github-generator/issues/822) for more information and background.
+- A new [
+ `upload-tag-name`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs)
+ input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`.
+- The environment variables included in provenance output were changed to include only those variables that are
+ specified by the user in
+ the [slsa-goreleaser.yml configuration file](https://github.com/slsa-framework/slsa-github-generator/tree/v1.5.0/internal/builders/go#configuration-file)
+ in order to improve reproducibility. See [#822](https://github.com/slsa-framework/slsa-github-generator/issues/822)
+ for more information and background.
 #### Generic generator
 ##### New Features
-- A new boolean [`continue-on-error`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the [`outcome`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-outputs) output.
-- A new [`upload-tag-name`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs) input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`.
+- A new boolean [
+ `continue-on-error`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs)
+ input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the
+ result of the reusable workflow will be return in the [
+ `outcome`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-outputs)
+ output.
+- A new [
+ `upload-tag-name`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/generic/README.md#workflow-inputs)
+ input was added to allow users to specify the tag name for the release when `upload-assets` is set to `true`.
 #### Container generator
 ##### New Features
-- A new boolean [`continue-on-error`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the result of the reusable workflow will be return in the [`outcome`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-outputs) output.
-- A new [`repository-username`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs) secret input was added to allow users to pass their repository username that is stored in a [Github Actions encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets). This secret input should only be used for high-entropy registry username values such as AWS Access Key.
-- Support was added for authenticating with [Google Artifact Registry](https://cloud.google.com/artifact-registry) and [Google Container Registry](https://cloud.google.com/container-registry) using [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation). Users can use this new feature by using the [`gcp-workload-identity-provider` and `gcp-service-account` inputs](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs)
+- A new boolean [
+ `continue-on-error`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs)
+ input was added which, when set to `true`, prevents the workflow from failing when a step fails. If set to true, the
+ result of the reusable workflow will be return in the [
+ `outcome`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-outputs)
+ output.
+- A new [
+ `repository-username`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs)
+ secret input was added to allow users to pass their repository username that is stored in
+ a [Github Actions encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets). This secret
+ input should only be used for high-entropy registry username values such as AWS Access Key.
+- Support was added for authenticating with [Google Artifact Registry](https://cloud.google.com/artifact-registry)
+ and [Google Container Registry](https://cloud.google.com/container-registry)
+ using [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation). Users can use
+ this new feature by using the [`gcp-workload-identity-provider` and
+ `gcp-service-account` inputs](https://github.com/slsa-framework/slsa-github-generator/blob/v1.5.0/internal/builders/container/README.md#workflow-inputs)
 ### Changelog since v1.4.0
@@ -306,22 +357,29 @@ https://github.com/slsa-framework/slsa-github-generator/compare/v1.4.0...v1.5.0
 ### What's Changed
-This release is the first Generally Available version of the [Container Generator workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container). The Container Generator workflow is now considered stable and can be included in your production GitHub Actions workflows
+This release is the first Generally Available version of
+the [Container Generator workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container).
+The Container Generator workflow is now considered stable and can be included in your production GitHub Actions
+workflows
-This is also the first release (technically the second) with support for the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!!
+This is also the first release (technically the second) with support for
+the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!!
 We hope to have fewer issues with sigstore infrastructure moving forward.
 #### Generic Generator
 ##### Bug fixes
-1. Allow users of the [Generic Generator](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance for artifacts created in a project subdirectory (#1225)
+1. Allow users of
+ the [Generic Generator](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic)
+ to generate provenance for artifacts created in a project subdirectory (#1225)
 #### Go Builder
 ##### Bug fixes
-1. Allow environment variables to contain '=' characters in the [Go builder](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) (#1231)
+1. Allow environment variables to contain '=' characters in
+ the [Go builder](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) (#1231)
 ### New Contributors
@@ -335,18 +393,25 @@ https://github.com/slsa-framework/slsa-github-generator/compare/v1.2.2...v1.4.0
 ## v1.4.0-rc.2
-\*_This is a pre-release. It is not meant for general consumption. The following is the proposed release notes for the official release._
+\*_This is a pre-release. It is not meant for general consumption. The following is the proposed release notes for the
+official release._
 ### What's Changed
-This release is the first Generally Available version of the [generic container workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container). The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows
+This release is the first Generally Available version of
+the [generic container workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container).
+The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows
-This is also the first release with support for the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!
+This is also the first release with support for
+the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!
 This release also includes a couple of bug fixes:
-1. Allow users of the [generic generator workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance using for artifacts created in a project subdirectory (#1225)
-2. Allow environment variables to contain '=' characters in the [Go workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) (#1231)
+1. Allow users of
+ the [generic generator workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic)
+ to generate provenance using for artifacts created in a project subdirectory (#1225)
+2. Allow environment variables to contain '=' characters in
+ the [Go workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) (#1231)
 ### New Contributors
@@ -360,18 +425,25 @@ https://github.com/slsa-framework/slsa-github-generator/compare/v1.2.2...v1.4.0-
 ## v1.4.0-rc.1
-\*_This is a pre-release. It is not meant for general consumption. The following is the proposed release notes for the official release._
+\*_This is a pre-release. It is not meant for general consumption. The following is the proposed release notes for the
+official release._
 ### What's Changed
-This release is the first Generally Available version of the [generic container workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container). The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows
+This release is the first Generally Available version of
+the [generic container workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container).
+The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows
-This is also the first release with support for the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!
+This is also the first release with support for
+the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!
 This release also includes a couple of bug fixes:
-1. Allow users of the [generic generator workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance using for artifacts created in a project subdirectory (#1225)
-2. Allow environment variables to contain '=' characters in the [Go workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) (#1231)
+1. Allow users of
+ the [generic generator workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic)
+ to generate provenance using for artifacts created in a project subdirectory (#1225)
+2. Allow environment variables to contain '=' characters in
+ the [Go workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) (#1231)
 ### New Contributors
@@ -385,18 +457,25 @@ https://github.com/slsa-framework/slsa-github-generator/compare/v1.2.2...v1.4.0-
 ## v1.4.0-rc.0
-**This is a pre-release. It is not meant for general consumption. The following is the proposed release notes for the official release.**
+**This is a pre-release. It is not meant for general consumption. The following is the proposed release notes for the
+official release.**
 ### What's Changed
-This release is the first Generally Available version of the [generic container workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container). The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows
+This release is the first Generally Available version of
+the [generic container workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container).
+The generic container workflow is now considered stable and can be included in your production GitHub Actions workflows
-This is also the first release with support for the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!
+This is also the first release with support for
+the [generally available version of sigstore](https://blog.sigstore.dev/sigstore-ga-ddd6ba67894d)!
 This release also includes a couple of bug fixes:
-1. Allow users of the [generic generator workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic) to generate provenance using for artifacts created in a project subdirectory (#1225)
-2. Allow environment variables to contain '=' characters in the [Go workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) (#1231)
+1. Allow users of
+ the [generic generator workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic)
+ to generate provenance using for artifacts created in a project subdirectory (#1225)
+2. Allow environment variables to contain '=' characters in
+ the [Go workflow](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/go) (#1231)
 ### New Contributors
@@ -412,7 +491,8 @@ https://github.com/slsa-framework/slsa-github-generator/compare/v1.2.2...v1.4.0-
 ### What's Changed
-This release fixes issues with signing provenance due to a change in Sigstore TUF root certificates (#1163). This release also includes better handling of transient errors from the Rekor transparency logs.
+This release fixes issues with signing provenance due to a change in Sigstore TUF root certificates (#1163). This
+release also includes better handling of transient errors from the Rekor transparency logs.
 ### New Contributors
@@ -427,7 +507,8 @@ https://github.com/slsa-framework/slsa-github-generator/compare/v1.2.1...v1.2.2
 ## v1.2.1
-**DO NOT USE THIS RELEASE. This version will no longer work and is not supported due to errors described in #1163. Please upgrade to [v1.2.2](https://github.com/slsa-framework/slsa-github-generator/releases/tag/v1.2.2) or later.**
+**DO NOT USE THIS RELEASE. This version will no longer work and is not supported due to errors described in #1163.
+Please upgrade to [v1.2.2](https://github.com/slsa-framework/slsa-github-generator/releases/tag/v1.2.2) or later.**
 ### What's Changed
@@ -443,7 +524,8 @@ See #942
 ##### buildType
-This release changes the [`buildType`](https://slsa.dev/provenance/v0.2#buildType) used in provenance created by the generic generator.
+This release changes the [`buildType`](https://slsa.dev/provenance/v0.2#buildType) used in provenance created by the
+generic generator.
 The previous value was:
@@ -461,15 +543,20 @@ See #627
 ##### Provenance file names
-Previously the default file name for provenance was `attestation.intoto.jsonl`. This has been updated to be in line with [intoto attestation file naming conventions](https://github.com/in-toto/attestation/blob/main/spec/bundle.md#file-naming-convention). The file name now defaults to `.intoto.jsonl` if there is a single artifact, or `multiple.intoto.jsonl` if there are multiple artifacts.
+Previously the default file name for provenance was `attestation.intoto.jsonl`. This has been updated to be in line
+with [intoto attestation file naming conventions](https://github.com/in-toto/attestation/blob/main/spec/bundle.md#file-naming-convention).
+The file name now defaults to `.intoto.jsonl` if there is a single artifact, or
+`multiple.intoto.jsonl` if there are multiple artifacts.
 See #654
 ##### Explicit opt-in for private repos
-Private repository support was enhanced to required the `private-repository` input field as the repository name will be made public in the public Rekor transparency log.
+Private repository support was enhanced to required the `private-repository` input field as the repository name will be
+made public in the public Rekor transparency log.
-Please add the following to your workflows if you opt into allowing repository names to be recorded in the public Rekor transparency log.
+Please add the following to your workflows if you opt into allowing repository names to be recorded in the public Rekor
+transparency log.
 ```yaml
 with:
@@ -482,9 +569,11 @@ See #823
 ##### Support private repos
-Support for private repositories was fixed. If using a private repository you must specify the `private-repository` input field as the repository name will be made public in the public Rekor transparency log.
+Support for private repositories was fixed. If using a private repository you must specify the `private-repository`
+input field as the repository name will be made public in the public Rekor transparency log.
-Please add the following to your workflows if you opt into allowing repository names to be recorded in the public Rekor transparency log.
+Please add the following to your workflows if you opt into allowing repository names to be recorded in the public Rekor
+transparency log.
 ```yaml
 with:
@@ -505,13 +594,17 @@ https://github.com/slsa-framework/slsa-github-generator/compare/v1.2.0...v1.2.1
 ## v1.2.0
-**DO NOT USE THIS RELEASE. This version will no longer work and is not supported due to errors described in #942. Please upgrade to [v1.2.2](https://github.com/slsa-framework/slsa-github-generator/releases/tag/v1.2.2) or later.**
+**DO NOT USE THIS RELEASE. This version will no longer work and is not supported due to errors described in #942. Please
+upgrade to [v1.2.2](https://github.com/slsa-framework/slsa-github-generator/releases/tag/v1.2.2) or later.**
 ### What's Changed
 #### Generic generator
-The highlight of this release is a new re-usable workflow called the "Generic generator". It lets users build artifacts on their own and generate a provenance that satisfies SLSA provenance 3 requirement. It's perfect to get started with SLSA with minimal changes to an existing build workflow. To use it, check the [README.md](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md)!
+The highlight of this release is a new re-usable workflow called the "Generic generator". It lets users build artifacts
+on their own and generate a provenance that satisfies SLSA provenance 3 requirement. It's perfect to get started with
+SLSA with minimal changes to an existing build workflow. To use it, check
+the [README.md](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md)!
 #### Go builder
@@ -553,11 +646,13 @@ https://github.com/slsa-framework/slsa-github-generator/compare/v1.0.0...v1.1.1
 ### What's Changed
 This is the first official release of the generator. The first builder we are releasing is for Golang projects.
-To learn how to use it, see [./README.md#golang-projects](https://github.com/slsa-framework/slsa-github-generator#golang-projects)
+To learn how to use it,
+see [./README.md#golang-projects](https://github.com/slsa-framework/slsa-github-generator#golang-projects)
 ### Contributors
 @asraa @ianlewis @MarkLodato @joshuagl @laurentsimon
 [v1.8.0]: https://github.com/slsa-framework/slsa-github-generator/releases/tag/v1.8.0
+
 [v1.9.0]: https://github.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.0
diff --git a/go.mod b/go.mod
index 8c63106047..67e966db54 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/slsa-framework/slsa-github-generator
+module github.com/slsa-framework/slsa-github-generator/v2
 go 1.23.1
diff --git a/internal/builders/common/buildtype.go b/internal/builders/common/buildtype.go
index 5709ddfebe..4d4eadebce 100644
--- a/internal/builders/common/buildtype.go
+++ b/internal/builders/common/buildtype.go
@@ -14,7 +14,7 @@
 package common
-import "github.com/slsa-framework/slsa-github-generator/slsa"
+import "github.com/slsa-framework/slsa-github-generator/v2/slsa"
 // GenericBuild is a very generic build type where build type can be specified.
 type GenericBuild struct {
diff --git a/internal/builders/container/generate.go b/internal/builders/container/generate.go
index e49172d35d..9b43032dea 100644
--- a/internal/builders/container/generate.go
+++ b/internal/builders/container/generate.go
@@ -21,10 +21,10 @@ import (
 "github.com/spf13/cobra"
- "github.com/slsa-framework/slsa-github-generator/github"
- "github.com/slsa-framework/slsa-github-generator/internal/builders/common"
- "github.com/slsa-framework/slsa-github-generator/internal/utils"
- "github.com/slsa-framework/slsa-github-generator/slsa"
+ "github.com/slsa-framework/slsa-github-generator/v2/github"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/builders/common"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
+ "github.com/slsa-framework/slsa-github-generator/v2/slsa"
 )
 // generateCmd returns the 'generate' command.
diff --git a/internal/builders/container/generate_test.go b/internal/builders/container/generate_test.go
index 4edd056d64..87756d08bd 100644
--- a/internal/builders/container/generate_test.go
+++ b/internal/builders/container/generate_test.go
@@ -21,8 +21,8 @@ import (
 "path/filepath"
 "testing"
- "github.com/slsa-framework/slsa-github-generator/internal/utils"
- "github.com/slsa-framework/slsa-github-generator/slsa"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
+ "github.com/slsa-framework/slsa-github-generator/v2/slsa"
 )
 func checkTest(t *testing.T) func(err error) {
diff --git a/internal/builders/container/version.go b/internal/builders/container/version.go
index 2e71bca108..cc2ec0f1b2 100644
--- a/internal/builders/container/version.go
+++ b/internal/builders/container/version.go
@@ -19,7 +19,7 @@ import (
 "github.com/spf13/cobra"
- "github.com/slsa-framework/slsa-github-generator/version"
+ "github.com/slsa-framework/slsa-github-generator/v2/version"
 )
 func versionCmd() *cobra.Command {
diff --git a/internal/builders/docker/commands.go b/internal/builders/docker/commands.go
index 59a5e2c126..41a7fef675 100644
--- a/internal/builders/docker/commands.go
+++ b/internal/builders/docker/commands.go
@@ -29,8 +29,8 @@ import (
 "github.com/google/go-cmp/cmp/cmpopts"
 "github.com/spf13/cobra"
- "github.com/slsa-framework/slsa-github-generator/internal/builders/docker/pkg"
- "github.com/slsa-framework/slsa-github-generator/internal/utils"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/builders/docker/pkg"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 // DryRunCmd returns a new *cobra.Command that validates the input flags, and
diff --git a/internal/builders/docker/pkg/builder.go b/internal/builders/docker/pkg/builder.go
index 1e438aab3f..24321c0a18 100644
--- a/internal/builders/docker/pkg/builder.go
+++ b/internal/builders/docker/pkg/builder.go
@@ -42,7 +42,7 @@ import (
 intoto "github.com/in-toto/in-toto-golang/in_toto"
 slsa1 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1"
- "github.com/slsa-framework/slsa-github-generator/internal/utils"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 var (
diff --git a/internal/builders/docker/pkg/config.go b/internal/builders/docker/pkg/config.go
index 605a2e299f..731e134d2c 100644
--- a/internal/builders/docker/pkg/config.go
+++ b/internal/builders/docker/pkg/config.go
@@ -23,7 +23,7 @@ import (
 "strings"
 toml "github.com/pelletier/go-toml"
- "github.com/slsa-framework/slsa-github-generator/internal/utils"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 // BuildConfig is a collection of parameters to use for building the artifact.
diff --git a/internal/builders/generic/attest.go b/internal/builders/generic/attest.go
index 4bb9bba1f4..a794a0c5f1 100644
--- a/internal/builders/generic/attest.go
+++ b/internal/builders/generic/attest.go
@@ -26,11 +26,11 @@ import (
 "github.com/spf13/cobra"
 intoto "github.com/in-toto/in-toto-golang/in_toto"
- "github.com/slsa-framework/slsa-github-generator/github"
- "github.com/slsa-framework/slsa-github-generator/internal/builders/common"
- "github.com/slsa-framework/slsa-github-generator/internal/utils"
- "github.com/slsa-framework/slsa-github-generator/signing"
- "github.com/slsa-framework/slsa-github-generator/slsa"
+ "github.com/slsa-framework/slsa-github-generator/v2/github"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/builders/common"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
+ "github.com/slsa-framework/slsa-github-generator/v2/signing"
+ "github.com/slsa-framework/slsa-github-generator/v2/slsa"
 )
 // attestCmd returns the 'attest' command.
diff --git a/internal/builders/generic/attest_test.go b/internal/builders/generic/attest_test.go
index 6399ec0eff..b0a745cabe 100644
--- a/internal/builders/generic/attest_test.go
+++ b/internal/builders/generic/attest_test.go
@@ -27,9 +27,9 @@ import (
 intoto "github.com/in-toto/in-toto-golang/in_toto"
 slsacommon "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common"
- "github.com/slsa-framework/slsa-github-generator/internal/testutil"
- "github.com/slsa-framework/slsa-github-generator/internal/utils"
- "github.com/slsa-framework/slsa-github-generator/slsa"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/testutil"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
+ "github.com/slsa-framework/slsa-github-generator/v2/slsa"
 )
 const (
diff --git a/internal/builders/generic/main.go b/internal/builders/generic/main.go
index 329152f75c..180fcfff35 100644
--- a/internal/builders/generic/main.go
+++ b/internal/builders/generic/main.go
@@ -20,7 +20,7 @@ import (
 // TODO: Allow use of other OIDC providers?
 // Enable the github OIDC auth provider.
 _ "github.com/sigstore/cosign/v2/pkg/providers/github"
- "github.com/slsa-framework/slsa-github-generator/signing/sigstore"
+ "github.com/slsa-framework/slsa-github-generator/v2/signing/sigstore"
 "github.com/spf13/cobra"
 )
diff --git a/internal/builders/generic/version.go b/internal/builders/generic/version.go
index 2e71bca108..cc2ec0f1b2 100644
--- a/internal/builders/generic/version.go
+++ b/internal/builders/generic/version.go
@@ -19,7 +19,7 @@ import (
 "github.com/spf13/cobra"
- "github.com/slsa-framework/slsa-github-generator/version"
+ "github.com/slsa-framework/slsa-github-generator/v2/version"
 )
 func versionCmd() *cobra.Command {
diff --git a/internal/builders/go/main.go b/internal/builders/go/main.go
index 92e539270c..a34a0c5750 100644
--- a/internal/builders/go/main.go
+++ b/internal/builders/go/main.go
@@ -24,14 +24,14 @@ import (
 "os"
 "os/exec"
- "github.com/slsa-framework/slsa-github-generator/github"
- "github.com/slsa-framework/slsa-github-generator/signing/sigstore"
+ "github.com/slsa-framework/slsa-github-generator/v2/github"
+ "github.com/slsa-framework/slsa-github-generator/v2/signing/sigstore"
 // Enable the GitHub OIDC auth provider.
 _ "github.com/sigstore/cosign/v2/pkg/providers/github"
- "github.com/slsa-framework/slsa-github-generator/internal/builders/go/pkg"
- "github.com/slsa-framework/slsa-github-generator/internal/utils"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/builders/go/pkg"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 func usage(p string) {
diff --git a/internal/builders/go/main_test.go b/internal/builders/go/main_test.go
index f1a692b524..6f79810f92 100644
--- a/internal/builders/go/main_test.go
+++ b/internal/builders/go/main_test.go
@@ -26,8 +26,8 @@ import (
 "github.com/google/go-cmp/cmp"
 "github.com/google/go-cmp/cmp/cmpopts"
- "github.com/slsa-framework/slsa-github-generator/internal/builders/go/pkg"
- "github.com/slsa-framework/slsa-github-generator/internal/utils"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/builders/go/pkg"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 func checkWorkingDir(t *testing.T, wd, expected string) {
diff --git a/internal/builders/go/pkg/build.go b/internal/builders/go/pkg/build.go
index 76f846dcff..45bc81f0bb 100644
--- a/internal/builders/go/pkg/build.go
+++ b/internal/builders/go/pkg/build.go
@@ -23,9 +23,9 @@ import (
 "regexp"
 "strings"
- "github.com/slsa-framework/slsa-github-generator/github"
- "github.com/slsa-framework/slsa-github-generator/internal/runner"
- "github.com/slsa-framework/slsa-github-generator/internal/utils"
+ "github.com/slsa-framework/slsa-github-generator/v2/github"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/runner"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 var unknownTag = "unknown"
diff --git a/internal/builders/go/pkg/config.go b/internal/builders/go/pkg/config.go
index 2bbc351f52..b475dcc510 100644
--- a/internal/builders/go/pkg/config.go
+++ b/internal/builders/go/pkg/config.go
@@ -23,7 +23,7 @@ import (
 "gopkg.in/yaml.v3"
- "github.com/slsa-framework/slsa-github-generator/internal/utils"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 var supportedVersions = map[int]bool{
diff --git a/internal/builders/go/pkg/provenance.go b/internal/builders/go/pkg/provenance.go
index 787f7fbc93..1cb2eca50f 100644
--- a/internal/builders/go/pkg/provenance.go
+++ b/internal/builders/go/pkg/provenance.go
@@ -20,13 +20,13 @@ import (
 "fmt"
 "os"
- "github.com/slsa-framework/slsa-github-generator/signing"
+ "github.com/slsa-framework/slsa-github-generator/v2/signing"
 intoto "github.com/in-toto/in-toto-golang/in_toto"
 slsacommon "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common"
- "github.com/slsa-framework/slsa-github-generator/github"
- "github.com/slsa-framework/slsa-github-generator/internal/utils"
- "github.com/slsa-framework/slsa-github-generator/slsa"
+ "github.com/slsa-framework/slsa-github-generator/v2/github"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
+ "github.com/slsa-framework/slsa-github-generator/v2/slsa"
 )
 const (
diff --git a/internal/builders/go/pkg/provenance_test.go b/internal/builders/go/pkg/provenance_test.go
index 47d059e5b3..c6b1516ba0 100644
--- a/internal/builders/go/pkg/provenance_test.go
+++ b/internal/builders/go/pkg/provenance_test.go
@@ -17,8 +17,8 @@ package pkg
 import (
 "testing"
- "github.com/slsa-framework/slsa-github-generator/internal/testutil"
- "github.com/slsa-framework/slsa-github-generator/slsa"
+ "github.com/slsa-framework/slsa-github-generator/v2/internal/testutil"
+ "github.com/slsa-framework/slsa-github-generator/v2/slsa"
 )
 func TestGenerateProvenance(t *testing.T) {
diff --git a/internal/testutil/signing.go b/internal/testutil/signing.go
index ebc87e6a7a..4ce8a7b986 100644
--- a/internal/testutil/signing.go
+++ b/internal/testutil/signing.go
@@ -19,7 +19,7 @@ import (
 "errors"
 intoto "github.com/in-toto/in-toto-golang/in_toto"
- "github.com/slsa-framework/slsa-github-generator/signing"
+ "github.com/slsa-framework/slsa-github-generator/v2/signing"
 )
 // TestAttestation is a basic Attestation implementation.
diff --git a/signing/sigstore/bundle.go b/signing/sigstore/bundle.go
index d1f0e9b88c..74ea07192f 100644
--- a/signing/sigstore/bundle.go
+++ b/signing/sigstore/bundle.go
@@ -23,8 +23,8 @@ import (
 sigstoreBundle "github.com/sigstore/sigstore-go/pkg/bundle"
 sigstoreRoot "github.com/sigstore/sigstore-go/pkg/root"
 sigstoreSign "github.com/sigstore/sigstore-go/pkg/sign"
- "github.com/slsa-framework/slsa-github-generator/github"
- "github.com/slsa-framework/slsa-github-generator/signing"
+ "github.com/slsa-framework/slsa-github-generator/v2/github"
+ "github.com/slsa-framework/slsa-github-generator/v2/signing"
 )
 // BundleSigner is used to produce Sigstore Bundles from provenance statements.
diff --git a/signing/sigstore/fulcio.go b/signing/sigstore/fulcio.go
index 1ba6ab099c..c1cc38a854 100644
--- a/signing/sigstore/fulcio.go
+++ b/signing/sigstore/fulcio.go
@@ -25,8 +25,8 @@ import (
 "github.com/sigstore/cosign/v2/cmd/cosign/cli/sign"
 "github.com/sigstore/cosign/v2/pkg/providers"
 "github.com/sigstore/sigstore/pkg/signature/dsse"
- "github.com/slsa-framework/slsa-github-generator/signing"
- "github.com/slsa-framework/slsa-github-generator/signing/envelope"
+ "github.com/slsa-framework/slsa-github-generator/v2/signing"
+ "github.com/slsa-framework/slsa-github-generator/v2/signing/envelope"
 intoto "github.com/in-toto/in-toto-golang/in_toto"
 )
diff --git a/signing/sigstore/rekor.go b/signing/sigstore/rekor.go
index 1a08370451..ff4650e6a4 100644
--- a/signing/sigstore/rekor.go
+++ b/signing/sigstore/rekor.go
@@ -22,7 +22,7 @@ import (
 "github.com/sigstore/rekor/pkg/client"
 "github.com/sigstore/rekor/pkg/generated/client/entries"
 "github.com/sigstore/rekor/pkg/generated/models"
- "github.com/slsa-framework/slsa-github-generator/signing"
+ "github.com/slsa-framework/slsa-github-generator/v2/signing"
 )
 const (
diff --git a/slsa/buildtype.go b/slsa/buildtype.go
index fbf96a1848..a17efb68f3 100644
--- a/slsa/buildtype.go
+++ b/slsa/buildtype.go
@@ -26,7 +26,7 @@ import (
 slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
 slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
- "github.com/slsa-framework/slsa-github-generator/github"
+ "github.com/slsa-framework/slsa-github-generator/v2/github"
 )
 // BuildType implements generation of buildType specific elements of SLSA
diff --git a/slsa/clientprovider.go b/slsa/clientprovider.go
index 30d65f050f..b24403b00a 100644
--- a/slsa/clientprovider.go
+++ b/slsa/clientprovider.go
@@ -19,7 +19,7 @@ import (
 githubapi "github.com/google/go-github/v57/github"
- "github.com/slsa-framework/slsa-github-generator/github"
+ "github.com/slsa-framework/slsa-github-generator/v2/github"
 )
 // ClientProvider creates Github API clients.
diff --git a/slsa/provenance_test.go b/slsa/provenance_test.go
index b09959285a..34a33e983c 100644
--- a/slsa/provenance_test.go
+++ b/slsa/provenance_test.go
@@ -23,7 +23,7 @@ import (
 intoto "github.com/in-toto/in-toto-golang/in_toto"
 slsacommon "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common"
 slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
- "github.com/slsa-framework/slsa-github-generator/github"
+ "github.com/slsa-framework/slsa-github-generator/v2/github"
 )
 var (