Why does automatic evidence collection require OIDC authentication?

[connorjkennedy]

How can we help?

We have multiple workflows that utilize this action to enable jfrog-cli usage within github actions. When analyzing the Post Setup JFrog Cli output, I noticed this line in the evidence collection section:

Evidence collection does not support authentication with username and password. Skipping evidence collection.

In our configuration, we are unable to easily and and manage these OIDC providers as described in the "Connecting to JFrog using OIDC (OpenID Connect)" section of the README in this repo, and thus can only use username/password authentication.

The question is, why is this the case? Are there any plans in the works to fix this and thus enable support for automatic evidence upload no matter what the authentication method is?

Thank you!