RHEL-40171

compile git-lfs to be FIPS compliant [rhel-9.2.z]

    • Bug
    • Resolution: Done-Errata
    • Undefined
    • rhel-9.2.0.z
    • git-lfs
    • git-lfs-3.2.0-2.el9_2
    • ZStream
    • rhel-sst-pt-python-ruby-nodejs
    • ssg_core_services
    • 3
    • Dev ack
    • False
    • Approved Blocker

      The git-lfs binary is currently being shipped in the DevWorkspace Operator Project Clone container, which is a Red Hat product. The Operator FIPS Static Check CVP test is currently showing a warning that the git-lfs binary is not FIPS compliant; see https://issues.redhat.com/browse/CRW-6246. This test will become a gating test (i.e. we can't ship DevWorkspace Operator unless the git-lfs binary becomes FIPS compliant) by the end of CY24 Q2.

       

      I'm hopeful that in order for git-lfs to be FIPS compliant, some additional Go compiler flags need to be added, something along the lines of:

      CGO_ENABLED=1 GOEXPERIMENT=strictfipsruntime GOOS=linux GOARCH=${ARCH} GO111MODULE=on go build ...  -tags strictfipsruntime

       

       

              opohorel@redhat.com Ondrej Pohorelsky
              aobuchow Andrew Obuchowicz
              Lukas Zachar Lukas Zachar