From 1549e3d7994e57c291027db011cbec6d92dcb50a Mon Sep 17 00:00:00 2001 From: Yolanda Robla Date: Fri, 26 Apr 2024 10:10:59 +0200 Subject: [PATCH] fix: use sigstore icon instead of the key one --- pkg/trustyapi/trustyapi.go | 2 +- pkg/trustyapi/trustyapi_test.go | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/pkg/trustyapi/trustyapi.go b/pkg/trustyapi/trustyapi.go index 619f76a..973ce0c 100644 --- a/pkg/trustyapi/trustyapi.go +++ b/pkg/trustyapi/trustyapi.go @@ -162,7 +162,7 @@ func ProcessDependency(dep string, ecosystem string, scoreThreshold float64) (st // write provenance information if result.Provenance.Description.Provenance.Issuer != "" { - reportBuilder.WriteString("### :key: Proof of origin (Provenance):\n") + reportBuilder.WriteString("### ![Sigstore](https://www.trustypkg.dev/icons/sigstore-horizontal.svg) Proof of origin (Provenance):\n") reportBuilder.WriteString("Built and signed with sigstore using GitHub Actions.\n") reportBuilder.WriteString(fmt.Sprintf("· Source repo: `%s`\n", result.Provenance.Description.Provenance.SourceRepo)) reportBuilder.WriteString(fmt.Sprintf("· Github Action Workflow: `%s`\n", result.Provenance.Description.Provenance.Workflow)) diff --git a/pkg/trustyapi/trustyapi_test.go b/pkg/trustyapi/trustyapi_test.go index 39af669..56a9afa 100644 --- a/pkg/trustyapi/trustyapi_test.go +++ b/pkg/trustyapi/trustyapi_test.go @@ -4,6 +4,7 @@ import ( "log" "strings" "testing" + "time" ) func TestProcessGoDependencies(t *testing.T) { @@ -26,6 +27,7 @@ func TestProcessGoDependencies(t *testing.T) { t.Errorf("Expected report to contain 'Archived' for %s", dep) } } + time.Sleep(1 * time.Second) } } @@ -50,7 +52,7 @@ func TestProcessMaliciousDependencies(t *testing.T) { ecosystem := "pypi" scoreThreshold := 10.0 - dependencies := []string{"lyft-service", "types-for-adobe", "booto3", "google-requests", "reqargs"} + dependencies := []string{"lyft-service", "types-for-adobe", "reqargs"} for _, dep := range dependencies { log.Printf("Analyzing dependency: %s\n", dep)