Failed to verify signature

[nikhithabyreddy]

Summary

We have a in house plugin created to check for tags in resources so that is being installed as part of tflint init while performing the tflint --init we are getting the below error
14:28:05 signature.go:135: [DEBUG] Failed to verify signature: failed to verify log inclusion: not enough verified log entries from transparency log: 0 < 1
Failed to install a plugin; Failed to check checksums.txt signature: failed to verify log inclusion: not enough verified log entries from transparency log: 0 < 1

Command

tflint --init

Terraform Configuration

terraform {
  required_version = "1.9.3"

TFLint Configuration

plugin "xxxx" {
  enabled = true
  version = "0.1.0"
  source  = "github.com/xxxx/tflint-ruleset-xxxx"
}

Output

14:28:05 signature.go:135: [DEBUG] Failed to verify signature: failed to verify log inclusion: not enough verified log entries from transparency log: 0 < 1
Failed to install a plugin; Failed to check checksums.txt signature: failed to verify log inclusion: not enough verified log entries from transparency log: 0 < 1

TFLint Version

0.55.0

Terraform Version

1.9.3

Operating System

• Linux
• macOS
• Windows

[wata727]

Thank you for reporting this. This is due to plugin keyless verification introduced in v0.55.
From the error, it looks like the transparency logs aren't included in the artifact attestation, but I'm not sure what cases that would happen.

Can you share the artifact attestation of the plugin you have installed?
You can see them in https://github.com/xxxx/tflint-ruleset-xxxx/attestations

[nikhithabyreddy]

@wata727 Here is the artifact attestation
attestation-sigstore (2).json