Merge pull request #12 from stacklok/add-sigstore-icon

fix: use sigstore icon instead of the key one
stacklok · Apr 26, 2024 · f776bdd · f776bdd
2 parents bf48970 + 1549e3d
commit f776bdd
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/pkg/trustyapi/trustyapi.go b/pkg/trustyapi/trustyapi.go
@@ -162,7 +162,7 @@ func ProcessDependency(dep string, ecosystem string, scoreThreshold float64) (st
 
 	// write provenance information
 	if result.Provenance.Description.Provenance.Issuer != "" {
-		reportBuilder.WriteString("### :key: Proof of origin (Provenance):\n")
+		reportBuilder.WriteString("### ![Sigstore](https://www.trustypkg.dev/icons/sigstore-horizontal.svg) Proof of origin (Provenance):\n")
 		reportBuilder.WriteString("Built and signed with sigstore using GitHub Actions.\n")
 		reportBuilder.WriteString(fmt.Sprintf("· Source repo: `%s`\n", result.Provenance.Description.Provenance.SourceRepo))
 		reportBuilder.WriteString(fmt.Sprintf("· Github Action Workflow: `%s`\n", result.Provenance.Description.Provenance.Workflow))

diff --git a/pkg/trustyapi/trustyapi_test.go b/pkg/trustyapi/trustyapi_test.go
@@ -4,6 +4,7 @@ import (
 	"log"
 	"strings"
 	"testing"
+	"time"
 )
 
 func TestProcessGoDependencies(t *testing.T) {
@@ -26,6 +27,7 @@ func TestProcessGoDependencies(t *testing.T) {
 				t.Errorf("Expected report to contain 'Archived' for %s", dep)
 			}
 		}
+		time.Sleep(1 * time.Second)
 	}
 }
 
@@ -50,7 +52,7 @@ func TestProcessMaliciousDependencies(t *testing.T) {
 	ecosystem := "pypi"
 	scoreThreshold := 10.0
 
-	dependencies := []string{"lyft-service", "types-for-adobe", "booto3", "google-requests", "reqargs"}
+	dependencies := []string{"lyft-service", "types-for-adobe", "reqargs"}
 
 	for _, dep := range dependencies {
 		log.Printf("Analyzing dependency: %s\n", dep)