slsa-framework · Shion1305 · Nov 10, 2025 · Nov 10, 2025
@@ -1,4 +1,4 @@
-module github.com/slsa-framework/slsa-github-generator
+module github.com/slsa-framework/slsa-github-generator/v2
 
 go 1.23.1
 

@@ -14,7 +14,7 @@
 
 package common
 
-import "github.com/slsa-framework/slsa-github-generator/slsa"
+import "github.com/slsa-framework/slsa-github-generator/v2/slsa"
 
 // GenericBuild is a very generic build type where build type can be specified.
 type GenericBuild struct {

@@ -21,10 +21,10 @@ import (
 
 	"github.com/spf13/cobra"
 
-	"github.com/slsa-framework/slsa-github-generator/github"
-	"github.com/slsa-framework/slsa-github-generator/internal/builders/common"
-	"github.com/slsa-framework/slsa-github-generator/internal/utils"
-	"github.com/slsa-framework/slsa-github-generator/slsa"
+	"github.com/slsa-framework/slsa-github-generator/v2/github"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/builders/common"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
+	"github.com/slsa-framework/slsa-github-generator/v2/slsa"
 )
 
 // generateCmd returns the 'generate' command.

@@ -21,8 +21,8 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/slsa-framework/slsa-github-generator/internal/utils"
-	"github.com/slsa-framework/slsa-github-generator/slsa"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
+	"github.com/slsa-framework/slsa-github-generator/v2/slsa"
 )
 
 func checkTest(t *testing.T) func(err error) {

@@ -19,7 +19,7 @@ import (
 
 	"github.com/spf13/cobra"
 
-	"github.com/slsa-framework/slsa-github-generator/version"
+	"github.com/slsa-framework/slsa-github-generator/v2/version"
 )
 
 func versionCmd() *cobra.Command {

@@ -29,8 +29,8 @@ import (
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/spf13/cobra"
 
-	"github.com/slsa-framework/slsa-github-generator/internal/builders/docker/pkg"
-	"github.com/slsa-framework/slsa-github-generator/internal/utils"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/builders/docker/pkg"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 
 // DryRunCmd returns a new *cobra.Command that validates the input flags, and

@@ -42,7 +42,7 @@ import (
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
 	slsa1 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1"
 
-	"github.com/slsa-framework/slsa-github-generator/internal/utils"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 
 var (

@@ -23,7 +23,7 @@ import (
 	"strings"
 
 	toml "github.com/pelletier/go-toml"
-	"github.com/slsa-framework/slsa-github-generator/internal/utils"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 
 // BuildConfig is a collection of parameters to use for building the artifact.

@@ -26,11 +26,11 @@ import (
 	"github.com/spf13/cobra"
 
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
-	"github.com/slsa-framework/slsa-github-generator/github"
-	"github.com/slsa-framework/slsa-github-generator/internal/builders/common"
-	"github.com/slsa-framework/slsa-github-generator/internal/utils"
-	"github.com/slsa-framework/slsa-github-generator/signing"
-	"github.com/slsa-framework/slsa-github-generator/slsa"
+	"github.com/slsa-framework/slsa-github-generator/v2/github"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/builders/common"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
+	"github.com/slsa-framework/slsa-github-generator/v2/signing"
+	"github.com/slsa-framework/slsa-github-generator/v2/slsa"
 )
 
 // attestCmd returns the 'attest' command.

@@ -27,9 +27,9 @@ import (
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
 	slsacommon "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common"
 
-	"github.com/slsa-framework/slsa-github-generator/internal/testutil"
-	"github.com/slsa-framework/slsa-github-generator/internal/utils"
-	"github.com/slsa-framework/slsa-github-generator/slsa"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/testutil"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
+	"github.com/slsa-framework/slsa-github-generator/v2/slsa"
 )
 
 const (

@@ -20,7 +20,7 @@ import (
 	// TODO: Allow use of other OIDC providers?
 	// Enable the github OIDC auth provider.
 	_ "github.com/sigstore/cosign/v2/pkg/providers/github"
-	"github.com/slsa-framework/slsa-github-generator/signing/sigstore"
+	"github.com/slsa-framework/slsa-github-generator/v2/signing/sigstore"
 
 	"github.com/spf13/cobra"
 )

@@ -19,7 +19,7 @@ import (
 
 	"github.com/spf13/cobra"
 
-	"github.com/slsa-framework/slsa-github-generator/version"
+	"github.com/slsa-framework/slsa-github-generator/v2/version"
 )
 
 func versionCmd() *cobra.Command {

@@ -24,14 +24,14 @@ import (
 	"os"
 	"os/exec"
 
-	"github.com/slsa-framework/slsa-github-generator/github"
-	"github.com/slsa-framework/slsa-github-generator/signing/sigstore"
+	"github.com/slsa-framework/slsa-github-generator/v2/github"
+	"github.com/slsa-framework/slsa-github-generator/v2/signing/sigstore"
 
 	// Enable the GitHub OIDC auth provider.
 	_ "github.com/sigstore/cosign/v2/pkg/providers/github"
 
-	"github.com/slsa-framework/slsa-github-generator/internal/builders/go/pkg"
-	"github.com/slsa-framework/slsa-github-generator/internal/utils"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/builders/go/pkg"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 
 func usage(p string) {

@@ -26,8 +26,8 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 
-	"github.com/slsa-framework/slsa-github-generator/internal/builders/go/pkg"
-	"github.com/slsa-framework/slsa-github-generator/internal/utils"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/builders/go/pkg"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 
 func checkWorkingDir(t *testing.T, wd, expected string) {

@@ -23,9 +23,9 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/slsa-framework/slsa-github-generator/github"
-	"github.com/slsa-framework/slsa-github-generator/internal/runner"
-	"github.com/slsa-framework/slsa-github-generator/internal/utils"
+	"github.com/slsa-framework/slsa-github-generator/v2/github"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/runner"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 
 var unknownTag = "unknown"

@@ -23,7 +23,7 @@ import (
 
 	"gopkg.in/yaml.v3"
 
-	"github.com/slsa-framework/slsa-github-generator/internal/utils"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
 )
 
 var supportedVersions = map[int]bool{

@@ -20,13 +20,13 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/slsa-framework/slsa-github-generator/signing"
+	"github.com/slsa-framework/slsa-github-generator/v2/signing"
 
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
 	slsacommon "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common"
-	"github.com/slsa-framework/slsa-github-generator/github"
-	"github.com/slsa-framework/slsa-github-generator/internal/utils"
-	"github.com/slsa-framework/slsa-github-generator/slsa"
+	"github.com/slsa-framework/slsa-github-generator/v2/github"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/utils"
+	"github.com/slsa-framework/slsa-github-generator/v2/slsa"
 )
 
 const (

@@ -17,8 +17,8 @@ package pkg
 import (
 	"testing"
 
-	"github.com/slsa-framework/slsa-github-generator/internal/testutil"
-	"github.com/slsa-framework/slsa-github-generator/slsa"
+	"github.com/slsa-framework/slsa-github-generator/v2/internal/testutil"
+	"github.com/slsa-framework/slsa-github-generator/v2/slsa"
 )
 
 func TestGenerateProvenance(t *testing.T) {

@@ -19,7 +19,7 @@ import (
 	"errors"
 
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
-	"github.com/slsa-framework/slsa-github-generator/signing"
+	"github.com/slsa-framework/slsa-github-generator/v2/signing"
 )
 
 // TestAttestation is a basic Attestation implementation.

@@ -23,8 +23,8 @@ import (
 	sigstoreBundle "github.com/sigstore/sigstore-go/pkg/bundle"
 	sigstoreRoot "github.com/sigstore/sigstore-go/pkg/root"
 	sigstoreSign "github.com/sigstore/sigstore-go/pkg/sign"
-	"github.com/slsa-framework/slsa-github-generator/github"
-	"github.com/slsa-framework/slsa-github-generator/signing"
+	"github.com/slsa-framework/slsa-github-generator/v2/github"
+	"github.com/slsa-framework/slsa-github-generator/v2/signing"
 )
 
 // BundleSigner is used to produce Sigstore Bundles from provenance statements.

@@ -25,8 +25,8 @@ import (
 	"github.com/sigstore/cosign/v2/cmd/cosign/cli/sign"
 	"github.com/sigstore/cosign/v2/pkg/providers"
 	"github.com/sigstore/sigstore/pkg/signature/dsse"
-	"github.com/slsa-framework/slsa-github-generator/signing"
-	"github.com/slsa-framework/slsa-github-generator/signing/envelope"
+	"github.com/slsa-framework/slsa-github-generator/v2/signing"
+	"github.com/slsa-framework/slsa-github-generator/v2/signing/envelope"
 
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
 )

@@ -22,7 +22,7 @@ import (
 	"github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/client/entries"
 	"github.com/sigstore/rekor/pkg/generated/models"
-	"github.com/slsa-framework/slsa-github-generator/signing"
+	"github.com/slsa-framework/slsa-github-generator/v2/signing"
 )
 
 const (

@@ -26,7 +26,7 @@ import (
 	slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
 	slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
 
-	"github.com/slsa-framework/slsa-github-generator/github"
+	"github.com/slsa-framework/slsa-github-generator/v2/github"
 )
 
 // BuildType implements generation of buildType specific elements of SLSA

@@ -19,7 +19,7 @@ import (
 
 	githubapi "github.com/google/go-github/v57/github"
 
-	"github.com/slsa-framework/slsa-github-generator/github"
+	"github.com/slsa-framework/slsa-github-generator/v2/github"
 )
 
 // ClientProvider creates Github API clients.

@@ -23,7 +23,7 @@ import (
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
 	slsacommon "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common"
 	slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
-	"github.com/slsa-framework/slsa-github-generator/github"
+	"github.com/slsa-framework/slsa-github-generator/v2/github"
 )
 
 var (