diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0b04eda84..0d399bfbb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -51,18 +51,19 @@ jobs:
 permissions: read-all
 steps:
 - name: Install SLSA verifier
- uses: slsa-framework/slsa-verifier/actions/installer@v2.0.1
+ uses: slsa-framework/slsa-verifier/actions/installer@v2.1.0
 - name: Download assets
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ PROVENANCE: "${{ needs.provenance.outputs.provenance-name }}"
 run: |
 set -euo pipefail
 gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "*.tar.gz"
- gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "multiple.intoto.jsonl"
+ gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p $PROVENANCE
 - name: Verify assets
 env:
 CHECKSUMS: ${{ needs.goreleaser.outputs.hashes }}
- PROVENANCE: "${{ needs.provenance.outputs.attestation-name }}"
+ PROVENANCE: "${{ needs.provenance.outputs.provenance-name }}"
 run: |
 set -euo pipefail
 checksums=$(echo "$CHECKSUMS" | base64 -d)
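Review bot: The new download line in the "Download assets" step passes `-p $PROVENANCE` unquoted, so the shell applies word splitting and pathname expansion to the job output before `gh` receives it, while every other expansion in that `run` block is quoted. The preceding command has presumably already placed the `*.tar.gz` assets in the working directory, so an unexpected value could glob against them or split into extra arguments; write `-p "$PROVENANCE"` instead. Separately, the installer is still referenced by the mutable tag `@v2.1.0`; pinning it to a full commit SHA would be worth considering if the action supports that. The "Verify assets" script continues past the end of the hunk, so how `PROVENANCE` is consumed there is not visible here.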