diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index d106ac9..ef667ac 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -16,7 +16,7 @@ jobs:
 with:
 pull_request: ${{ github.event_name == 'pull_request' }}
 step: fmt
-attestations: "github"
+attestations: "git github env"
 command: go fmt ./...
 
 vet:
@@ -24,7 +24,7 @@ jobs:
 with:
 pull_request: ${{ github.event_name == 'pull_request' }}
 step: vet
-attestations: "github"
+attestations: "git github env"
 command: go vet ./...
 
 lint:
@@ -32,7 +32,7 @@ jobs:
 with:
 pull_request: ${{ github.event_name == 'pull_request' }}
 step: lint
-attestations: "github"
+attestations: "git github env"
 pre-command: |
 curl -sSfL https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 -o /usr/local/bin/hadolint && \
 chmod +x /usr/local/bin/hadolint
@@ -46,7 +46,7 @@ jobs:
 with:
 pull_request: ${{ github.event_name == 'pull_request' }}
 step: unit-test
-attestations: "github"
+attestations: "git github env"
 command: go test ./... -coverprofile cover.out
 artifact-upload-name: cover.out
 artifact-upload-path: cover.out
@@ -57,7 +57,7 @@ jobs:
 with:
 pull_request: ${{ github.event_name == 'pull_request' }}
 step: sast
-attestations: "github"
+attestations: "git github env"
 pre-command: python3 -m pip install semgrep==1.45.0
 command: semgrep scan --config auto ./ --sarif -o semgrep.sarif
 artifact-upload-name: semgrep.sarif
@@ -69,7 +69,7 @@ jobs:
 with:
 pull_request: ${{ github.event_name == 'pull_request' }}
 step: build
-attestations: "github"
+attestations: "git github env"
 command: go build -o bin/software main.go
 
 build-image:
@@ -84,7 +84,7 @@ jobs:
 uses: testifysec/witness-run-action@40aa4ef36fc431a37de7c3faebcb66513c03b934
 with:
 step: build-image
-attestations: "github oci"
+attestations: "git github env oci"
 command: |
 /bin/sh -c "docker build -t jkjell/software:dev . && docker save jkjell/software:dev > image.tar"
 
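Review bot: The `env` attestor added to every `attestations` list in this file (the fmt, vet, lint, unit-test, sast, build and build-image hunks here, and the generate-sbom, cve-scan, secret-scan and verify hunks below) records the runner's environment variables into the signed attestation, and nothing in the change shows what sensitive-key filtering that attestor applies or where the resulting attestations are stored. If any of these jobs pass secrets through a job- or step-level `env:` (the enclosing job definitions start outside the hunks, so this cannot be checked here), those values can land in an artifact that outlives the run and is readable by whoever can fetch the attestation, so the attestor's redaction behaviour should be confirmed against the variables actually set in this workflow before the change is relied on. The `git` attestor is likewise only as meaningful as the checkout it observes; if the jobs use the default checkout on `pull_request` events the recorded commit is presumably the merge ref rather than the PR head, which is worth stating next to `pull_request: ${{ github.event_name == 'pull_request' }}` so verifiers know which commit the attestation identifies. A comment above each list such as `# env attestor captures the runner environment — keep secrets out of env: for these steps` would make the exposure obvious to the next editor.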
@@ -100,7 +100,7 @@ jobs:
 with:
 pull_request: ${{ github.event_name == 'pull_request' }}
 step: generate-sbom
-attestations: "github"
+attestations: "git github env"
 artifact-download: image.tar
 pre-command: |
 curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
@@ -115,7 +115,7 @@ jobs:
 with:
 pull_request: ${{ github.event_name == 'pull_request' }}
 step: cve-scan
-attestations: "github"
+attestations: "git github env"
 artifact-download: image.tar
 pre-command: |
 curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
@@ -130,7 +130,7 @@ jobs:
 with:
 pull_request: ${{ github.event_name == 'pull_request' }}
 step: secret-scan
-attestations: "github"
+attestations: "git github env"
 artifact-download: image.tar
 pre-command: |
 curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
@@ -147,7 +147,7 @@ jobs:
 with:
 pull_request: ${{ github.event_name == 'pull_request' }}
 step: verify
-attestations: "github"
+attestations: "git github env"
 artifact-download: image.tar
 pre-command: |
 curl -sSfL https://github.com/testifysec/witness/releases/download/v0.1.14/witness_0.1.14_linux_amd64.tar.gz -o witness.tar.gz && \
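Review bot: In the verify hunk the attestation list grows to `git github env`, but the policy that the downloaded witness v0.1.14 checks against is not part of this change, so unless that policy is updated to require the new `git` and `env` attestation types the extra data is recorded but never enforced; the command that performs the verification lies outside the hunk, so this is inferred from the visible `pre-command` alone. The same question applies to the generate-sbom, cve-scan and secret-scan hunks above. It is also worth recording that the syft, grype and trufflehog installers in those hunks are fetched from `main` via `curl ... | sh`, so the new `git` and `env` attestations will describe the commit and runner but not which tool version produced the SBOM or scan output; pinning a release tag in those URLs, as the witness download already does, would make what the attestation covers reproducible. A comment above each list such as `# attestation types here must match what the witness policy in the verify step requires` would tie the producer and consumer together for the next editor.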