When the trusty evaluator can't fetch any scores, it still says that the PR contains no packages with low scores

Open jhrozek opened this issue 2 years ago • 3 comments

Describe the issue

We have a branch in the trusty evaluator that checks if we managed to fetch a score for a package at all:

	if resp.Summary.Score == 0 {
		logger.Info().
			Str("dependency", dep.Dep.Name).
			Msgf("the dependency has no score, skipping")
		continue
	}

but if we can't fetch any packages, we just say that no packages with low scores were found. We should at the very least change the summary in case no scores can be fetched, or even provide a separate table with dependencies that couldn't be fetched, so that the maintainers can check those themselves.

To Reproduce

Unsure, I managed to hit this in combination with a trusty bug.

What version are you using?

v0.0.24+ref.aa6a2170

jhrozek, Jan 16 '24 12:01
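
One way to keep unscored dependencies out of the "no low scores" result, as an added example that is not Minder's own code: the `depScore` type, the `classify` and `summarize` functions, the package names and the 5.0 threshold are all hypothetical, and a score of 0 is taken to mean "no score fetched", as in the branch quoted in the issue.

```go
package main

import (
	"fmt"
	"strings"
)

// depScore is a hypothetical stand-in for one dependency and the score
// returned for it; Score == 0 means no score could be fetched, as in the issue.
type depScore struct {
	Name  string
	Score float64
}

// classify splits dependencies into those below the threshold and those
// with no score at all, instead of silently dropping the latter.
func classify(deps []depScore, threshold float64) (low, unscored []string) {
	for _, d := range deps {
		switch {
		case d.Score == 0:
			unscored = append(unscored, d.Name)
		case d.Score < threshold:
			low = append(low, d.Name)
		}
	}
	return low, unscored
}

// summarize only reports a clean result when every dependency was scored.
func summarize(deps []depScore, threshold float64) string {
	low, unscored := classify(deps, threshold)
	var parts []string
	if len(low) > 0 {
		parts = append(parts, "low scores: "+strings.Join(low, ", "))
	}
	if len(unscored) > 0 {
		parts = append(parts, "no score fetched (review manually): "+strings.Join(unscored, ", "))
	}
	if len(parts) == 0 {
		return "no packages with low scores"
	}
	return strings.Join(parts, "; ")
}

func main() {
	// Constructed sample input: every lookup failed, so all scores are 0.
	deps := []depScore{{"example-pkg-a", 0}, {"example-pkg-b", 0}}
	fmt.Println(summarize(deps, 5.0))
}
```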