diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index e5d5dce1..b200c4ca 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -44,6 +44,7 @@ jobs:
           allowed-endpoints: >
             api.github.com:443
             api.osv.dev:443
+            fulcio.sigstore.dev:443
             github.com:443
             objects.githubusercontent.com:443
             oss-fuzz-build-logs.storage.googleapis.com:443