update vsa example to match new behavior (#174)

* update vsa example to match new behavior

Signed-off-by: Tom Hennen <[email protected]>

* remove todo

Signed-off-by: Tom Hennen <[email protected]>

---------

Signed-off-by: Tom Hennen <[email protected]>

Author: TomHennen

DESIGN.md

@@ -204,9 +204,6 @@ then that means the repository has configured a ruleset to require the check
 Currently this tool _only_ reports checks that come from GitHub Actions.
 Other checks will not be recorded in the provenance.
 
-TODO: Update the policy to support requiring these checks and to embed an
-org specified property in the VSA.
-
 #### Branch Updates
 
 This control gets evaluated when protected branches are being updated. That
@@ -411,10 +408,11 @@ Example VSA
       "uri": "https://github.com/slsa-framework/slsa-source-poc/blob/main/policy/github.com/slsa-framework/slsa-source-poc/source-policy.json"
     },
     "resourceUri": "git+https://github.com/slsa-framework/slsa-source-poc",
-    "timeVerified": "2025-06-01T15:19:28.226795439Z",
+    "timeVerified": "2025-06-01T21:51:51.451207508Z",
     "verificationResult": "PASSED",
     "verifiedLevels": [
       "SLSA_SOURCE_LEVEL_3",
+      "TAG_HYGIENE",
       "ORG_SOURCE_TESTED"
     ],
     "verifier": {