PHPCSStandards · jrfnl · Jun 26, 2025 · Jun 26, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -653,7 +653,7 @@ All deprecation are slated for removal in PHP_CodeSniffer 4.0.
 [#608]: https://github.com/PHPCSStandards/PHP_CodeSniffer/issues/608
 
 [ghcli]:    https://cli.github.com/
-[ghattest]: https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds
+[ghattest]: https://docs.github.com/en/actions/how-tos/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds
 
 ## [3.10.2] - 2024-07-22
 

diff --git a/README.md b/README.md
@@ -50,7 +50,7 @@ php phpcbf.phar -h
 These Phars are signed with the official Release key for PHPCS with the
 fingerprint `D91D 8696 3AF3 A29B 6520 4622 97B0 2DD8 E507 1466`.
 
-As of PHP_CodeSniffer 3.10.3, the provenance of PHAR files associated with a release can be verified via [GitHub Artifact Attestations](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds) using the [GitHub CLI tool](https://cli.github.com/) with the following command: `gh attestation verify [phpcs|phpcbf].phar -o PHPCSStandards`.
+As of PHP_CodeSniffer 3.10.3, the provenance of PHAR files associated with a release can be verified via [GitHub Artifact Attestations](https://docs.github.com/en/actions/how-tos/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds) using the [GitHub CLI tool](https://cli.github.com/) with the following command: `gh attestation verify [phpcs|phpcbf].phar -o PHPCSStandards`.
 
 ### Composer
 If you use Composer, you can install PHP_CodeSniffer system-wide with the following command: