From 066a41e2a5f1398a9a80968c1e368d88ad59e98a Mon Sep 17 00:00:00 2001
From: behnazh-w
Date: Tue, 20 May 2025 16:43:09 +1000
Subject: [PATCH] refactor: always run build service check if repo is found
Signed-off-by: behnazh-w
---
 src/macaron/slsa_analyzer/checks/build_service_check.py | 4 ++--
 .../micronaut-projects_micronaut-core/check_results_policy.dl | 4 ++--
 .../cases/micronaut-projects_micronaut-test/micronaut-test.dl | 2 +-
 .../integration/cases/org_apache_logging_log4j/policy_purl.dl | 2 +-
 tests/integration/cases/semver/policy.dl | 2 +-
 tests/integration/cases/uiv-lib_uiv/policy.dl | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/macaron/slsa_analyzer/checks/build_service_check.py b/src/macaron/slsa_analyzer/checks/build_service_check.py
index cea689a7c..26a36b732 100644
--- a/src/macaron/slsa_analyzer/checks/build_service_check.py
+++ b/src/macaron/slsa_analyzer/checks/build_service_check.py
@@ -75,14 +75,14 @@ def __init__(self) -> None:
 """Initiate the BuildServiceCheck instance."""
 check_id = "mcn_build_service_1"
 description = "Check if the target repo has a valid build service."
- depends_on: list[tuple[str, CheckResultType]] = [("mcn_build_as_code_1", CheckResultType.FAILED)]
+ depends_on: list[tuple[str, CheckResultType]] = [("mcn_version_control_system_1", CheckResultType.PASSED)]
 eval_reqs = [ReqName.BUILD_SERVICE]
 super().__init__(
 check_id=check_id,
 description=description,
 depends_on=depends_on,
 eval_reqs=eval_reqs,
- result_on_skip=CheckResultType.PASSED,
+ result_on_skip=CheckResultType.FAILED,
 )
 def run_check(self, ctx: AnalyzeContext) -> CheckResultData:
diff --git a/tests/integration/cases/micronaut-projects_micronaut-core/check_results_policy.dl b/tests/integration/cases/micronaut-projects_micronaut-core/check_results_policy.dl
index 0210abf11..5cf5852d0 100644
--- a/tests/integration/cases/micronaut-projects_micronaut-core/check_results_policy.dl
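Review bot: The two changed arguments in `__init__`, `depends_on` and `result_on_skip`, together change what a skipped check means, and nothing in the code records why. With the new values the check is skipped only when `mcn_version_control_system_1` has not passed (presumably when no repository was found), and that skip is now reported as FAILED instead of PASSED, so the result no longer defaults to a pass when nothing was inspected. A comment above `depends_on` would keep that intent visible, for example `# Run whenever a repository is found; a skip means there was nothing to inspect, so report FAILED rather than assume PASSED.` The policy files updated later in this patch show components that pass `mcn_build_as_code_1` now failing this check, so existing user policies that require `check_passed(component_id, "mcn_build_service_1")` may change verdict, which the check's documentation or release notes should probably mention. The class header and the body of `run_check` lie outside the hunk.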
+++ b/tests/integration/cases/micronaut-projects_micronaut-core/check_results_policy.dl
@@ -1,4 +1,4 @@
-/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */
+/* Copyright (c) 2024 - 2025, Oracle and/or its affiliates. All rights reserved. */
 /* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */
 #include "prelude.dl"
@@ -6,7 +6,7 @@
 Policy("test_policy", component_id, "") :-
 check_passed(component_id, "mcn_build_as_code_1"),
 check_passed(component_id, "mcn_build_script_1"),
- check_passed(component_id, "mcn_build_service_1"),
+ check_failed(component_id, "mcn_build_service_1"),
 check_passed(component_id, "mcn_version_control_system_1"),
 check_passed(component_id, "mcn_provenance_derived_repo_1"),
 check_failed(component_id, "mcn_provenance_derived_commit_1"),
diff --git a/tests/integration/cases/micronaut-projects_micronaut-test/micronaut-test.dl b/tests/integration/cases/micronaut-projects_micronaut-test/micronaut-test.dl
index e0f43e2ce..7c6ce543c 100644
--- a/tests/integration/cases/micronaut-projects_micronaut-test/micronaut-test.dl
+++ b/tests/integration/cases/micronaut-projects_micronaut-test/micronaut-test.dl
@@ -6,7 +6,7 @@
 Policy("test_policy", component_id, "") :-
 check_passed(component_id, "mcn_build_as_code_1"),
 check_passed(component_id, "mcn_build_script_1"),
- check_passed(component_id, "mcn_build_service_1"),
+ check_failed(component_id, "mcn_build_service_1"),
 check_passed(component_id, "mcn_version_control_system_1"),
 check_passed(component_id, "mcn_provenance_available_1"),
 check_passed(component_id, "mcn_provenance_derived_repo_1"),
diff --git a/tests/integration/cases/org_apache_logging_log4j/policy_purl.dl b/tests/integration/cases/org_apache_logging_log4j/policy_purl.dl
index f81ac7b07..5819da2b1 100644
--- a/tests/integration/cases/org_apache_logging_log4j/policy_purl.dl
+++ b/tests/integration/cases/org_apache_logging_log4j/policy_purl.dl
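Review bot: All five policy files touched by this patch flip `mcn_build_service_1` from `check_passed` to `check_failed` (this hunk, plus the matching hunks in micronaut-test.dl, policy_purl.dl, semver/policy.dl and uiv-lib_uiv/policy.dl), and none of them adds a case where the check still passes under the new dependency. If no other integration case asserts `check_passed(component_id, "mcn_build_service_1")`, a regression that makes the check fail for every repository would go unnoticed, so one positive case is worth adding or pointing to. A short comment next to the changed line would also help, e.g. `// Build-as-code passing no longer implies build service; the check now runs on its own.`, because a policy asserting that build-as-code passed while build service failed reads as contradictory without it.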
@@ -6,7 +6,7 @@
 Policy("test_policy", component_id, "") :-
 check_passed(component_id, "mcn_build_as_code_1"),
 check_passed(component_id, "mcn_build_script_1"),
- check_passed(component_id, "mcn_build_service_1"),
+ check_failed(component_id, "mcn_build_service_1"),
 check_passed_with_confidence(component_id, "mcn_find_artifact_pipeline_1", confidence),
 confidence = 0.7, // Medium confidence because the pipeline was not found from a provenance.
 check_passed(component_id, "mcn_version_control_system_1"),
diff --git a/tests/integration/cases/semver/policy.dl b/tests/integration/cases/semver/policy.dl
index bdaaed0fa..62570d053 100644
--- a/tests/integration/cases/semver/policy.dl
+++ b/tests/integration/cases/semver/policy.dl
@@ -6,7 +6,7 @@
 Policy("test_policy", component_id, "") :-
 check_passed(component_id, "mcn_build_as_code_1"),
 check_passed(component_id, "mcn_build_script_1"),
- check_passed(component_id, "mcn_build_service_1"),
+ check_failed(component_id, "mcn_build_service_1"),
 check_passed(component_id, "mcn_provenance_available_1"),
 check_passed(component_id, "mcn_provenance_derived_commit_1"),
 check_passed(component_id, "mcn_provenance_derived_repo_1"),
diff --git a/tests/integration/cases/uiv-lib_uiv/policy.dl b/tests/integration/cases/uiv-lib_uiv/policy.dl
index 35e17f423..259a60031 100644
--- a/tests/integration/cases/uiv-lib_uiv/policy.dl
+++ b/tests/integration/cases/uiv-lib_uiv/policy.dl
@@ -6,7 +6,7 @@
 Policy("test_policy", component_id, "") :-
 check_passed(component_id, "mcn_build_as_code_1"),
 check_passed(component_id, "mcn_build_script_1"),
- check_passed(component_id, "mcn_build_service_1"),
+ check_failed(component_id, "mcn_build_service_1"),
 check_passed(component_id, "mcn_version_control_system_1"),
 check_passed(component_id, "mcn_build_tool_1"),
 build_tool_check(npm_id, "npm", "javascript"),