Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not simply take latest UUID from Rekor #135

Open
azeemshaikh38 opened this issue Jul 6, 2022 · 1 comment
Open

Do not simply take latest UUID from Rekor #135

azeemshaikh38 opened this issue Jul 6, 2022 · 1 comment

Comments

@azeemshaikh38
Copy link
Contributor

This line needs better logic to find the right UUID from the list of returned UUIDs.
@spencerschrock
Copy link
Contributor

Note: The https://rekor.sigstore.dev/api/v1/index/retrieve endpoint is experimental and marked as deprecated.
sigstore/rekor#1021

So we should look into changes to our code here:

scorecard-webapp/app/server/post_results.go

Lines 262 to 269 in b012970

uuids, err := getUUIDsByPayload(ctx, payload)
if err != nil || len(uuids) == 0 {
return nil, fmt.Errorf("error finding tlog entries corresponding to payload: %w", err)
}
// TODO(#135): We can't simply take the latest UUID. Either:
// (a) iterate through all returned UUIDs to find the right one.
// (b) send tlog index in the POST payload to identify the corresponding UUID.
uuid := uuids[len(uuids)-1] // ignore past entries.

This was referenced Jun 9, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@azeemshaikh38 @spencerschrock