
The values stored within some CheckFacts instances are not consistent.

Open tromai opened this issue 1 year ago • 0 comments

During my exploration, I noticed something with our current setup of checks.

Let's take the build as code check as an example. The build as code check will create instances of BuildAsCodeFacts https://github.com/oracle/macaron/blob/39bd296051e31dae94ab5683b7537559ace1d511/src/macaron/slsa_analyzer/checks/build_as_code_check.py#L37

Those instances store information that will later be put into the SQLite database. A BuildAsCodeFacts instance has an attribute called deploy_command. In some places, the value stored in this attribute is a JSON-serialized value (e.g. https://github.com/oracle/macaron/blob/39bd296051e31dae94ab5683b7537559ace1d511/src/macaron/slsa_analyzer/checks/build_as_code_check.py#L262).

In other places, it is stored as a plain string without going through serialization: https://github.com/oracle/macaron/blob/39bd296051e31dae94ab5683b7537559ace1d511/src/macaron/slsa_analyzer/checks/build_as_code_check.py#L201 and https://github.com/oracle/macaron/blob/39bd296051e31dae94ab5683b7537559ace1d511/src/macaron/slsa_analyzer/checks/build_as_code_check.py#L291

This could be an issue if someone wants to read this field as the format is not consistent.

In addition, the same issue also occurs in the build service check with BuildServiceFacts's build_command attribute: https://github.com/oracle/macaron/blob/39bd296051e31dae94ab5683b7537559ace1d511/src/macaron/slsa_analyzer/checks/build_service_check.py#L47

tromai avatar Oct 02 '24 03:10 tromai
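The following is an added example, not Macaron's own code, showing one way to deal with the mixed format the issue describes: a single write-side chokepoint that always stores a JSON-encoded argv list, a read-side parser that still tolerates rows already written as plain strings, and an audit helper that flags rows not in the canonical format. The `DeployFacts` dataclass, the function names and the sample rows are all hypothetical, constructed for this illustration.

```python
"""Added example (not Macaron's code): keep a facts column's format consistent.

Assumed (hypothetical) layout: a `deploy_command` text column that should always
hold the JSON serialization of an argv list, but where some existing rows hold a
raw command-line string instead.
"""
from __future__ import annotations

import json
import shlex
from dataclasses import dataclass


@dataclass
class DeployFacts:
    # Hypothetical stand-in for a facts table; always a JSON-encoded argv list.
    deploy_command: str


def _is_argv_list(value: object) -> bool:
    """True if `value` is a list whose elements are all strings."""
    return isinstance(value, list) and all(isinstance(a, str) for a in value)


def serialize_command(command: list[str] | str) -> str:
    """Write-side chokepoint: whatever shape the caller passes, the stored value
    is the JSON encoding of an argv list, so readers see one format only."""
    argv = shlex.split(command) if isinstance(command, str) else list(command)
    if not _is_argv_list(argv):
        raise TypeError("argv must contain only strings")
    return json.dumps(argv)


def parse_command(stored: str) -> list[str]:
    """Read side: tolerate both formats so already-written rows still load.
    A JSON-encoded argv list is returned as-is; anything else (a raw string, or
    JSON that is not a list of strings) is treated as a shell command line."""
    try:
        decoded = json.loads(stored)
    except json.JSONDecodeError:
        decoded = None
    if _is_argv_list(decoded):
        return decoded
    return shlex.split(stored)


def audit_rows(rows: list[str]) -> list[int]:
    """Return the indexes of rows whose value is not a JSON-encoded argv list,
    i.e. the rows a migration to the canonical format would have to rewrite."""
    bad: list[int] = []
    for i, stored in enumerate(rows):
        try:
            decoded = json.loads(stored)
        except json.JSONDecodeError:
            bad.append(i)
            continue
        if not _is_argv_list(decoded):
            bad.append(i)
    return bad


# Constructed sample rows mimicking the two formats described in the issue,
# plus one JSON value that is valid JSON but not an argv list.
SAMPLE_ROWS = [
    '["mvn", "deploy", "-DskipTests"]',  # JSON-serialized argv list
    "mvn deploy -DskipTests",            # raw string, never serialized
    '"mvn deploy"',                      # JSON, but a string rather than a list
]


if __name__ == "__main__":
    print("rows needing migration:", audit_rows(SAMPLE_ROWS))
    for row in SAMPLE_ROWS:
        print(repr(row), "->", parse_command(row))
    print("canonical:", serialize_command("mvn deploy -DskipTests"))
```

The design choice is to make the *write* path the only place that decides the format and to keep the *read* path lenient; the audit function is what a one-off migration would run over the existing table to find rows that never went through the serializer.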