diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 07e8069..039cc44 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -56,14 +56,17 @@ jobs:
 id: slsa
 env:
 ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}"
+ METADATA: "${{ steps.run-goreleaser.outputs.metadata }}"
 run: |
 set -euo pipefail
- checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type == "Checksum") | .path')
+ checksum_file=$(echo "${ARTIFACTS}" | jq -r '.[] | select (.type == "Checksum") | .path')
 echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT"
+ tag_name=$(echo "${METADATA}" | jq -r '.tag')
+ echo "tag_name=${tag_name}" >> "$GITHUB_OUTPUT"
 outputs:
- hashes: ${{ steps.slsa.outputs.hashes }}
- # tag_name: ${{ steps.tag.outputs.tag_name }}
+ hashes: "${{ steps.slsa.outputs.hashes }}"
+ tag_name: "${{ steps.slsa.outputs.tag_name }}"
 provenance:
 name: Provenance
@@ -78,3 +81,5 @@ jobs:
 with:
 base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
 upload-assets: true
+ # Use the existing release created by Goreleaser instead of creating another.
+ upload-tag-name: "${{ needs.goreleaser.outputs.tag_name }}"
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 4e7abdd..0d8153c 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -43,14 +43,14 @@ kos:
 preserve_import_paths: false
 checksum:
- algorithm: sha512
+ algorithm: sha256
 name_template: "CHECKSUMS.txt"
 sboms:
 - artifacts: binary
 cmd: syft
 args:
- "$artifact"
+ - "${artifact}"
 - "--file"
 - "${document}"
 - "--output"
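Review bot: The added `tag_name=$(echo "${METADATA}" | jq -r '.tag')` line in the `slsa` step does not fail when the metadata lacks a `.tag` field, because `jq -r` prints the literal `null` (or nothing for empty input) and exits 0, so `set -euo pipefail` never trips. That value is written to `$GITHUB_OUTPUT` and then passed as `upload-tag-name` to the provenance job, so a bad tag would only surface when the provenance upload targets the wrong or a non-existent release. Making the lookup strict closes this: `tag_name=$(jq -er '.tag' <<<"${METADATA}")`. The same `-e` flag would help the `.path` lookup for `checksum_file`, and the unchanged `cat $checksum_file` should quote its argument. The step begins above the hunk, so the goreleaser invocation that produces these outputs is not visible here.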
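Review bot: The `algorithm: sha256` line in `.goreleaser.yaml` carries no comment explaining the move away from sha512, so a later reader may revert it as a perceived hardening step. CHECKSUMS.txt is base64-encoded into the `hashes` output and passed as `base64-subjects` to the provenance job, which presumably expects sha256sum-format digests; confirm against the generator's documentation. If that is the reason, a comment above the line would record the coupling, e.g. `# sha256: CHECKSUMS.txt is passed to the SLSA provenance job as base64-subjects`.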