diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 23536c5eb..b93427b12 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -6,10 +6,6 @@ release:
   # If set to true, will not auto-publish the release. This is done to allow us to review the changelog before publishing.
   draft: true
 
-  # This ensures any macOS signed artifacts get included with the release.
-  extra_files:
-    - glob: "./dist/*.dmg"
-
 builds:
   - binary: syft
     id: syft
@@ -61,15 +57,11 @@ archives:
       - syft-macos
 
 signs:
-  - artifacts: checksum
-    ids:
-      - syft # i.e. Linux only
-    args: ["--output", "${signature}", "--detach-sign", "${artifact}"]
   - id: syft-macos-signing
-    signature: "./dist/syft_{{ .Version }}_darwin_amd64.dmg"
     ids:
       - syft-macos
     cmd: ./.github/scripts/mac-sign-and-notarize.sh
+    signature: "syft_${VERSION}_darwin_amd64.dmg" # This is somewhat unintuitive. This gets the DMG file recognized as an artifact. In fact, both a DMG and a ZIP file are being produced by this signing step.
     args:
       - "{{ .IsSnapshot }}"
       - "gon.hcl"