[Bug]: Scorecard analysis failure

[ClaudiaComito]

What happened?

"Merger of the Week" @mrfh92 reports that the Scorecard analysis workflow fails on main after merging one of the dependabot updates of the week.

Code snippet triggering the error

No response

Error message or erroneous outcome

No response

Version

main (development branch)

Python version

None

PyTorch version

None

MPI version

No response

[github-actions[bot]]

Branch bugs/1414-_Bug_Scorecard_analysis_failure created!

[mrfh92]

This bug still exists as running the job again still results in failure

[mrfh92]

2024/03/27 06:45:31 error signing scorecard json results: error signing payload: getting key from Fulcio: verifying SCT: updating local metadata and targets: error updating to TUF remote mirror: invalid key
remote status:{
    "mirror": "https://sigstore-tuf-root.storage.googleapis.com/",
    "metadata": {
        "root.json": {
            "version": 9,
            "len": 6766,
            "expiration": "12 Sep 24 06:53 UTC",
            "error": ""
        },
        "snapshot.json": {
            "version": 133,
            "len": 2302,
            "expiration": "16 Apr 24 16:08 UTC",
            "error": ""
        },
        "targets.json": {
            "version": 9,
            "len": 5478,
            "expiration": "12 Sep 24 06:13 UTC",
            "error": ""
        },
        "timestamp.json": {
            "version": 171,
            "len": 719,
            "expiration": "02 Apr 24 16:08 UTC",
            "error": ""
        }
    }
}

This might be the corresponding error message but I am not sure whether this is really the point of failure

[matthyx]

hi, we have the same issue since last Friday on https://github.com/kubescape/kubescape

[mrfh92]

This happened after #1407 had been merged