diff --git a/generated/api.github.com.deref.json b/generated/api.github.com.deref.json
index b0eef161..55e4742d 100644
--- a/generated/api.github.com.deref.json
+++ b/generated/api.github.com.deref.json
@@ -69448,7 +69448,7 @@
       }
     },
     "/orgs/{org}/attestations/bulk-list": {
-      "post": {
+      "get": {
         "summary": "List attestations by bulk subject digests",
         "description": "List a collection of artifact attestations associated with any entry in a list of subject digests owned by an organization.\n\nThe collection of attestations returned by this endpoint is filtered according to the authenticated user's permissions; if the authenticated user cannot read a repository, the attestations associated with that repository will not be included in the response. In addition, when using a fine-grained access token the `attestations:read` permission is required.\n\n**Please note:** in order to offer meaningful security benefits, an attestation's signature and timestamps **must** be cryptographically verified, and the identity of the attestation signer **must** be validated. Attestations can be verified using the [GitHub CLI `attestation verify` command](https://cli.github.com/manual/gh_attestation_verify). For more information, see [our guide on how to use artifact attestations to establish a build's provenance](https://docs.github.com/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds).",
         "tags": [
diff --git a/generated/api.github.com.json b/generated/api.github.com.json
index 7c9a57f0..39ee45c1 100644
--- a/generated/api.github.com.json
+++ b/generated/api.github.com.json
@@ -12584,7 +12584,7 @@
       }
     },
     "/orgs/{org}/attestations/bulk-list": {
-      "post": {
+      "get": {
         "summary": "List attestations by bulk subject digests",
         "description": "List a collection of artifact attestations associated with any entry in a list of subject digests owned by an organization.\n\nThe collection of attestations returned by this endpoint is filtered according to the authenticated user's permissions; if the authenticated user cannot read a repository, the attestations associated with that repository will not be included in the response. In addition, when using a fine-grained access token the `attestations:read` permission is required.\n\n**Please note:** in order to offer meaningful security benefits, an attestation's signature and timestamps **must** be cryptographically verified, and the identity of the attestation signer **must** be validated. Attestations can be verified using the [GitHub CLI `attestation verify` command](https://cli.github.com/manual/gh_attestation_verify). For more information, see [our guide on how to use artifact attestations to establish a build's provenance](https://docs.github.com/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds).",
         "tags": [
diff --git a/generated/ghec.deref.json b/generated/ghec.deref.json
index 004061e2..0e725be4 100644
--- a/generated/ghec.deref.json
+++ b/generated/ghec.deref.json
@@ -104571,7 +104571,7 @@
       }
     },
     "/orgs/{org}/attestations/bulk-list": {
-      "post": {
+      "get": {
         "summary": "List attestations by bulk subject digests",
         "description": "List a collection of artifact attestations associated with any entry in a list of subject digests owned by an organization.\n\nThe collection of attestations returned by this endpoint is filtered according to the authenticated user's permissions; if the authenticated user cannot read a repository, the attestations associated with that repository will not be included in the response. In addition, when using a fine-grained access token the `attestations:read` permission is required.\n\n**Please note:** in order to offer meaningful security benefits, an attestation's signature and timestamps **must** be cryptographically verified, and the identity of the attestation signer **must** be validated. Attestations can be verified using the [GitHub CLI `attestation verify` command](https://cli.github.com/manual/gh_attestation_verify). For more information, see [our guide on how to use artifact attestations to establish a build's provenance](https://docs.github.com/enterprise-cloud@latest//actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds).",
         "tags": [
diff --git a/generated/ghec.json b/generated/ghec.json
index 325c1315..cb3eebec 100644
--- a/generated/ghec.json
+++ b/generated/ghec.json
@@ -20811,7 +20811,7 @@
       }
     },
     "/orgs/{org}/attestations/bulk-list": {
-      "post": {
+      "get": {
         "summary": "List attestations by bulk subject digests",
         "description": "List a collection of artifact attestations associated with any entry in a list of subject digests owned by an organization.\n\nThe collection of attestations returned by this endpoint is filtered according to the authenticated user's permissions; if the authenticated user cannot read a repository, the attestations associated with that repository will not be included in the response. In addition, when using a fine-grained access token the `attestations:read` permission is required.\n\n**Please note:** in order to offer meaningful security benefits, an attestation's signature and timestamps **must** be cryptographically verified, and the identity of the attestation signer **must** be validated. Attestations can be verified using the [GitHub CLI `attestation verify` command](https://cli.github.com/manual/gh_attestation_verify). For more information, see [our guide on how to use artifact attestations to establish a build's provenance](https://docs.github.com/enterprise-cloud@latest//actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds).",
         "tags": [
diff --git a/scripts/build.mjs b/scripts/build.mjs
index fc0534ff..5940fdeb 100644
--- a/scripts/build.mjs
+++ b/scripts/build.mjs
@@ -52,6 +52,16 @@ async function run() {
     // apply overrides to the unaltered schemas from GitHub
     overrides(file, schema);
 
+    // temporary fix for bulk-list endpoint being POST instead of GET
+    if (
+      schema.paths["/orgs/{org}/attestations/bulk-list"] &&
+      schema.paths["/orgs/{org}/attestations/bulk-list"].post
+    ) {
+      schema.paths["/orgs/{org}/attestations/bulk-list"] = {
+        get: { ...schema.paths["/orgs/{org}/attestations/bulk-list"].post },
+      };
+    }
+
     for (const [path, methods] of Object.entries(schema.paths)) {
       for (const [method, operation] of Object.entries(methods)) {
         const route = `${method.toUpperCase()} ${path}`;