scorecard pipeline is failing in `master` branch

Question

scorecard pipeline is failing in `master` branch

ytsarev opened this issue 3 months ago · comments

Yury Tsarev commented 3 months ago

It's happening for a while, example https://github.com/k8gb-io/k8gb/actions/runs/9150847377

Yury Tsarev · Answer 1 · Mon May 20 2024 07:58:05 GMT+0800 (China Standard Time)

@jkremser as a supply chain master, do you see there some obvious fix? :)

Jirka Kremser · Answer 2 · Mon May 20 2024 17:24:25 GMT+0800 (China Standard Time)

🤞 #1567

Yury Tsarev · Answer 3 · Mon May 20 2024 19:01:36 GMT+0800 (China Standard Time)

@jkremser, thanks a ton for the quick attempt! https://github.com/k8gb-io/k8gb/actions/runs/9157536246/job/25174078930 unfortunately, it still fails

Yury Tsarev · Answer 4 · Sat Jun 08 2024 00:53:35 GMT+0800 (China Standard Time)

breadcrumb ossf/scorecard-action#997

Yury Tsarev · Answer 5 · Mon Jul 01 2024 05:36:23 GMT+0800 (China Standard Time)

2024/06/30 12:56:35 error signing scorecard json results: error signing payload: getting key from Fulcio: verifying SCT: updating local metadata and targets: error updating to TUF remote mirror: invalid key

which is matching the issue above