Overview

The update_sbom and monguard_endorctl_pr_scan Evergreen tasks were failing with exit code 26 because endorctl's bundled libgit2 (pre-1.4) does not recognize the partialclone git extension.

Background

Evergreen's git.get_project command writes extensions.partialclone into .git/config when cloning with clone_depth: 1 (shallow clone). The version of libgit2 bundled in endorctl does not support this extension and aborts with:

ERROR initialization\-error: unable to open repository: failed to open the repository at path '.': unknown extension: partialclone

This caused the "Run monguard Rust scan" step to fail with exit code 26, which in turn failed the entire Evergreen task.

Scope of Work

* buildscripts/sbom/endorctl_scan.sh — Added git config --unset extensions.partialclone 2>/dev/null || true before the endorctl scan invocation to remove the incompatible extension before the scan opens the repository
* etc/evergreen_yml_components/tasks/misc_tasks.yml — Added continue_on_err: true to the "Run monguard Rust scan" step in update_sbom and the "Run monguard Rust PR scan" step in monguard_endorctl_pr_scan so that any future scan failure does not block SBOM generation

Acceptance Criteria

* update_sbom and monguard_endorctl_pr_scan Evergreen tasks complete successfully when the repo is cloned with clone_depth: 1
* A scan failure (e.g. endorctl upgrade required) no longer fails the entire Evergreen task

Technical Notes

* The root-cause fix is the git config --unset line in endorctl_scan.sh
* The continue_on_err: true changes are a safety net for unrelated future scan failures
* No change to monguard source or the SBOM itself