Drop internal trusty REST code in favor of client from trusty-sdk #3523
Conversation
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: github.com/stacklok/trusty-sdk-go
Trusty Score: 3.7
Scoring details
| Component | Score |
|---|---|
| User activity | 5.7 |
| Repository activity | 1.7 |
| From | activity |
| Package activity | 3.7 |
| Provenance | 10 |
| Malicious | false |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 1 |
| Number of git tags or releases | 1 |
| Versions matched to tags or releases | 1 |
puerco
changed the title
| // createOrUpdateEvalStatus takes care of recording the rule evaluation results. | ||
| // This function inserts into the database: | ||
| // | ||
| // - The rule evaluation parameters (profile, repo, artifact, entity, etc). | ||
| // - The rule evaluation status and details. | ||
| // - The remediation status and details. | ||
| // - The alert status and details. | ||
| // | ||
| // If the error in the evaluation status resolves to an errors.ErrEvaluationSkipSilently, | ||
| // no details are stored or logged. |
There was a problem hiding this comment.
I just noticed I pulled an unchecked check from another branch I was working on.. I'll leave it in the PR, it is only expanding the function documentation elsewhere.
|
OK, the trusty sdk has a new release. This should be ready. |
|
@puerco the code looks good, but because we took our sweet time reviewing, there are now some conflicts in go.mod and sum. If you rebase, I'll approve right away. Sorry for the delays. |
This commit modifies the trusty evaluator to use the API client from stacklok/trusty-sdk-go isntead of the in tree pacakge which is now removed. Signed-off-by: Adolfo García Veytia (Puerco) <[email protected]>
Signed-off-by: Adolfo García Veytia (Puerco) <[email protected]>
Summary
This commit modifies the trusty evaluator to use the API client from
stacklok/trusty-sdk-go isntead of the in tree pacakge which is now
removed.
DO NOT MERGE: For review purposes, this is pulling the trusty-sdk @ HEAD, once stacklok/trusty-sdk-go#14 merges, I'll cut a new release and repush to pull on the tag.
Signed-off-by: Adolfo García Veytia (Puerco) [email protected]
Change Type
Mark the type of change your PR introduces:
Testing
Outline how the changes were tested, including steps to reproduce and any relevant configurations.
Attach screenshots if helpful.
Review Checklist: