Since v5.3.0, scorecard skips dangling symlinks and detects symlink path traversal when run on local files.

That resolved the bootc repo error:

Error: check runtime error: Binary-Artifacts: internal error: error during ListFiles: error walking the path ".": stat baseimage/base/ostree: no such file or directory

Signed-off-by: Xiaofeng Wang <henrywangxf@me.com>
Code Review
This pull request updates the OpenSSF Scorecard to v5.4.0. The change is correct and addresses a bug as described in the PR description. I've added a suggestion to also improve architecture support in the action, making it compatible with ARM64 runners. Additionally, please note that the local testing instructions in the file's header comment are now outdated and could be updated in a follow-up to avoid confusion.
VERSION=v5.4.0
ARCH=$(uname -m | sed 's/x86_64/amd64/')
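Review bot: the `sed 's/x86_64/amd64/'` mapping on the `ARCH=` line passes every other `uname -m` value through unchanged, so on a host that is not x86_64 the script keeps running with an architecture name for which no Scorecard artifact exists and only fails later, at download time, with a less obvious error. Consider replacing the substitution with an explicit `case` over the supported values (`x86_64`, `aarch64`) that exits with a clear message for anything else.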
While updating the version, it's a good opportunity to also add support for ARM64 architecture. The current script only handles x86_64 and will fail on aarch64 runners. Scorecard provides arm64 artifacts for Linux, so we can easily add support for it.
VERSION=v5.4.0
ARCH=$(uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')
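As an added example (not the bootc repository's own script or the reviewer's suggestion), this maps the host's `uname -m` output to the architecture suffix of a Scorecard release artifact and fails fast on hosts with no published artifact; the artifact file-name pattern used here is an assumption, not taken from the page.

```bash
#!/usr/bin/env bash
# Added example: resolve the Scorecard release artifact for this host.
# Assumption (not from the page): artifacts are named
#   scorecard_<version-without-v>_linux_<amd64|arm64>.tar.gz

# Map raw `uname -m` output to the artifact architecture name.
# Unknown machine types are rejected instead of being passed through.
scorecard_arch() {
  case "$1" in
    x86_64)        echo amd64 ;;
    aarch64|arm64) echo arm64 ;;
    *)
      echo "scorecard: unsupported architecture '$1'" >&2
      return 1
      ;;
  esac
}

# Build the artifact file name for a version tag (e.g. v5.4.0) and a
# raw `uname -m` value; propagates the failure for unsupported hosts.
scorecard_artifact() {
  local version="${1#v}" arch
  arch=$(scorecard_arch "$2") || return 1
  echo "scorecard_${version}_linux_${arch}.tar.gz"
}
```

Calling `scorecard_artifact v5.4.0 "$(uname -m)"` yields the file name to download on amd64 and arm64 runners and a non-zero exit elsewhere.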
cgwalters left a comment
In theory renovate should have picked this up...
Since v5.3.0, scorecard skips dangling symlinks and detects symlink path traversal when run on local files.

That resolved the bootc repo error:

Error: check runtime error: Binary-Artifacts: internal error: error during ListFiles: error walking the path ".": stat baseimage/base/ostree: no such file or directory

https://github.com/bootc-dev/bootc/actions/runs/21049699430/job/60560609756?pr=1920