diff --git a/lib/index.js b/lib/index.js
index 35120ed..1fd325a 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -35831,8 +35831,8 @@ async function downloadCage({ version, token, }) {
         throw new Error(`Checksums not found for ${version}`);
     if (!asset)
         throw new Error(`Asset not found for ${platformArch}`);
-    console.assert(asset.url.startsWith("https://github.com/"), "asset.url is not valid: %s", asset.url);
-    console.assert(checksums.url.startsWith("https://github.com/"), "checksums.url is not valid: %s", checksums.url);
+    console.assert(asset.url.startsWith("https://"), "asset.url is not secure: %s", asset.url);
+    console.assert(checksums.url.startsWith("https://"), "checksums.url is not secure: %s", checksums.url);
     const checksumsContent = await tc.downloadTool(checksums.url);
     const checksumEntries = await parseChecksum(checksumsContent);
     const hash = checksumEntries.get(asset.name);
diff --git a/src/setup.ts b/src/setup.ts
index 966080b..4419dba 100644
--- a/src/setup.ts
+++ b/src/setup.ts
@@ -48,13 +48,13 @@ export async function downloadCage({
   if (!checksums) throw new Error(`Checksums not found for ${version}`);
   if (!asset) throw new Error(`Asset not found for ${platformArch}`);
   console.assert(
-    asset.url.startsWith("https://github.com/"),
-    "asset.url is not valid: %s",
+    asset.url.startsWith("https://"),
+    "asset.url is not secure: %s",
     asset.url,
   );
   console.assert(
-    checksums.url.startsWith("https://github.com/"),
-    "checksums.url is not valid: %s",
+    checksums.url.startsWith("https://"),
+    "checksums.url is not secure: %s",
     checksums.url,
   );
   const checksumsContent = await tc.downloadTool(checksums.url);