From 719fc94e01181c915b1928feae3f918cc61f5273 Mon Sep 17 00:00:00 2001
From: Travis Truman
Date: Sun, 28 Sep 2025 09:08:05 -0400
Subject: [PATCH] chore: integrate with latest gemara layer4
Signed-off-by: Travis Truman
---
 .../osps/access_control/evaluations.go | 8 +++---
 evaluation_plans/osps/access_control/steps.go | 8 +++---
 .../osps/access_control/steps_test.go | 2 +-
 .../osps/build_release/evaluations.go | 14 +++++-----
 evaluation_plans/osps/build_release/steps.go | 14 +++++-----
 evaluation_plans/osps/docs/evaluations.go | 12 ++++-----
 evaluation_plans/osps/docs/steps.go | 14 +++++-----
 .../osps/governance/evaluations.go | 8 +++---
 evaluation_plans/osps/governance/steps.go | 12 ++++-----
 evaluation_plans/osps/legal/evaluations.go | 6 ++---
 evaluation_plans/osps/legal/steps.go | 8 +++---
 evaluation_plans/osps/legal/steps_test.go | 26 +++++++++----------
 evaluation_plans/osps/quality/evaluations.go | 14 +++++-----
 evaluation_plans/osps/quality/steps.go | 22 ++++++++--------
 evaluation_plans/osps/quality/steps_test.go | 2 +-
 .../osps/sec_assessment/evaluations.go | 6 ++---
 .../osps/vuln_management/evaluations.go | 12 ++++-----
 .../osps/vuln_management/steps.go | 10 +++----
 .../osps/vuln_management/steps_test.go | 6 ++---
 .../reusable_steps/evaluations.go | 18 ++++++-------
 .../reusable_steps/evaluations_test.go | 10 +++---
 go.mod | 6 ++++-
 go.sum | 8 +++---
 23 files changed, 125 insertions(+), 121 deletions(-)
diff --git a/evaluation_plans/osps/access_control/evaluations.go b/evaluation_plans/osps/access_control/evaluations.go
index 9276b6c..2a97428 100644
--- a/evaluation_plans/osps/access_control/evaluations.go
+++ b/evaluation_plans/osps/access_control/evaluations.go
@@ -10,7 +10,7 @@ import (
 func OSPS_AC_01() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-AC-01",
+ ControlId: "OSPS-AC-01",
 }
 evaluation.AddAssessment(
@@ -31,7 +31,7 @@ func OSPS_AC_01() (evaluation *layer4.ControlEvaluation) {
 func OSPS_AC_02() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-AC-02",
+ ControlId: "OSPS-AC-02",
 }
 evaluation.AddAssessment(
@@ -52,7 +52,7 @@ func OSPS_AC_02() (evaluation *layer4.ControlEvaluation) {
 func OSPS_AC_03() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-AC-03",
+ ControlId: "OSPS-AC-03",
 }
 evaluation.AddAssessment(
@@ -86,7 +86,7 @@ func OSPS_AC_03() (evaluation *layer4.ControlEvaluation) {
 func OSPS_AC_04() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-AC-04",
+ ControlId: "OSPS-AC-04",
 }
 evaluation.AddAssessment(
diff --git a/evaluation_plans/osps/access_control/steps.go b/evaluation_plans/osps/access_control/steps.go
index 99add37..fad6be7 100644
--- a/evaluation_plans/osps/access_control/steps.go
+++ b/evaluation_plans/osps/access_control/steps.go
@@ -6,7 +6,7 @@ import (
 "github.com/revanite-io/pvtr-github-repo/evaluation_plans/reusable_steps"
 )
-func orgRequiresMFA(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func orgRequiresMFA(payloadData any) (result layer4.Result, message string) {
 payload, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -22,7 +22,7 @@ func orgRequiresMFA(payloadData any, _ map[string]*layer4.Change) (result layer4
 return layer4.Failed, "Two-factor authentication is NOT configured as required by the parent organization"
 }
-func branchProtectionRestrictsPushes(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func branchProtectionRestrictsPushes(payloadData any) (result layer4.Result, message string) {
 payload, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -42,7 +42,7 @@ func branchProtectionRestrictsPushes(payloadData any, _ map[string]*layer4.Chang
 return
 }
-func branchProtectionPreventsDeletion(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func branchProtectionPreventsDeletion(payloadData any) (result layer4.Result, message string) {
 payload, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -60,7 +60,7 @@ func branchProtectionPreventsDeletion(payloadData any, _ map[string]*layer4.Chan
 return
 }
-func workflowDefaultReadPermissions(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func workflowDefaultReadPermissions(payloadData any) (result layer4.Result, message string) {
 payload, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
diff --git a/evaluation_plans/osps/access_control/steps_test.go b/evaluation_plans/osps/access_control/steps_test.go
index f204717..93e3088 100644
--- a/evaluation_plans/osps/access_control/steps_test.go
+++ b/evaluation_plans/osps/access_control/steps_test.go
@@ -61,7 +61,7 @@ func Test_orgRequiresMFA(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- gotResult, gotMessage := orgRequiresMFA(tt.payload, map[string]*layer4.Change{})
+ gotResult, gotMessage := orgRequiresMFA(tt.payload)
 assert.Equal(t, tt.wantResult, gotResult)
 assert.Equal(t, tt.wantMessage, gotMessage)
 })
diff --git a/evaluation_plans/osps/build_release/evaluations.go b/evaluation_plans/osps/build_release/evaluations.go
index 6a0fdc9..1f34421 100644
--- a/evaluation_plans/osps/build_release/evaluations.go
+++ b/evaluation_plans/osps/build_release/evaluations.go
@@ -10,7 +10,7 @@ import (
 func OSPS_BR_01() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-BR-01",
+ ControlId: "OSPS-BR-01",
 }
 evaluation.AddAssessment(
@@ -44,7 +44,7 @@ func OSPS_BR_01() (evaluation *layer4.ControlEvaluation) {
 func OSPS_BR_02() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-BR-02",
+ ControlId: "OSPS-BR-02",
 }
 evaluation.AddAssessment(
@@ -78,7 +78,7 @@ func OSPS_BR_02() (evaluation *layer4.ControlEvaluation) {
 func OSPS_BR_03() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-BR-03",
+ ControlId: "OSPS-BR-03",
 }
 evaluation.AddAssessment(
@@ -113,7 +113,7 @@ func OSPS_BR_03() (evaluation *layer4.ControlEvaluation) {
 func OSPS_BR_04() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-BR-04",
+ ControlId: "OSPS-BR-04",
 }
 evaluation.AddAssessment(
@@ -134,7 +134,7 @@ func OSPS_BR_04() (evaluation *layer4.ControlEvaluation) {
 func OSPS_BR_05() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-BR-05",
+ ControlId: "OSPS-BR-05",
 }
 evaluation.AddAssessment(
@@ -154,7 +154,7 @@ func OSPS_BR_05() (evaluation *layer4.ControlEvaluation) {
 func OSPS_BR_06() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-BR-06",
+ ControlId: "OSPS-BR-06",
 }
 evaluation.AddAssessment(
@@ -176,7 +176,7 @@ func OSPS_BR_06() (evaluation *layer4.ControlEvaluation) {
 func OSPS_BR_07() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-BR-07",
+ ControlId: "OSPS-BR-07",
 }
 evaluation.AddAssessment(
diff --git a/evaluation_plans/osps/build_release/steps.go b/evaluation_plans/osps/build_release/steps.go
index e1593df..d530f9d 100644
--- a/evaluation_plans/osps/build_release/steps.go
+++ b/evaluation_plans/osps/build_release/steps.go
@@ -33,7 +33,7 @@ var untrustedVarsRegex = `.*(github\.event\.issue\.title|` + `github\.event\.pull_request\.head\.repo\.default_branch|` + `github\.head_ref).*`
-func cicdSanitizedInputParameters(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func cicdSanitizedInputParameters(payloadData any) (result layer4.Result, message string) {
 // parse the payload and see if we pass our checks
 data, message := reusable_steps.VerifyPayload(payloadData)
@@ -154,7 +154,7 @@ func pullVariablesFromScript(script string) []string {
 }
-func releaseHasUniqueIdentifier(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func releaseHasUniqueIdentifier(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -232,7 +232,7 @@ func insecureURI(uri string) bool {
 return true
 }
-func ensureInsightsLinksUseHTTPS(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func ensureInsightsLinksUseHTTPS(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -251,7 +251,7 @@ func ensureInsightsLinksUseHTTPS(payloadData any, _ map[string]*layer4.Change) (
 return layer4.Passed, "All links use HTTPS"
 }
-func ensureLatestReleaseHasChangelog(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func ensureLatestReleaseHasChangelog(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -264,7 +264,7 @@ func ensureLatestReleaseHasChangelog(payloadData any, _ map[string]*layer4.Chang
 return layer4.Failed, "The latest release does not have mention of a changelog: \n" + releaseDescription
 }
-func insightsHasSlsaAttestation(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func insightsHasSlsaAttestation(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -280,7 +280,7 @@ func insightsHasSlsaAttestation(payloadData any, _ map[string]*layer4.Change) (r
 return layer4.Failed, "No SLSA attestation found in security insights"
 }
-func distributionPointsUseHTTPS(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func distributionPointsUseHTTPS(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -304,7 +304,7 @@ func distributionPointsUseHTTPS(payloadData any, _ map[string]*layer4.Change) (r
 return layer4.Passed, "All distribution points use HTTPS"
 }
-func secretScanningInUse(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func secretScanningInUse(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
diff --git a/evaluation_plans/osps/docs/evaluations.go b/evaluation_plans/osps/docs/evaluations.go
index 75c06b3..20c201f 100644
--- a/evaluation_plans/osps/docs/evaluations.go
+++ b/evaluation_plans/osps/docs/evaluations.go
@@ -10,7 +10,7 @@ import (
 func OSPS_DO_01() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-DO-01",
+ ControlId: "OSPS-DO-01",
 }
 evaluation.AddAssessment(
@@ -33,7 +33,7 @@ func OSPS_DO_01() (evaluation *layer4.ControlEvaluation) {
 func OSPS_DO_02() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-DO-02",
+ ControlId: "OSPS-DO-02",
 }
 evaluation.AddAssessment(
@@ -56,7 +56,7 @@ func OSPS_DO_02() (evaluation *layer4.ControlEvaluation) {
 func OSPS_DO_03() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-DO-03",
+ ControlId: "OSPS-DO-03",
 }
 evaluation.AddAssessment(
@@ -90,7 +90,7 @@ func OSPS_DO_03() (evaluation *layer4.ControlEvaluation) {
 func OSPS_DO_04() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-DO-04",
+ ControlId: "OSPS-DO-04",
 }
 evaluation.AddAssessment(
@@ -109,7 +109,7 @@ func OSPS_DO_04() (evaluation *layer4.ControlEvaluation) {
 func OSPS_DO_05() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-DO-05",
+ ControlId: "OSPS-DO-05",
 }
 evaluation.AddAssessment(
@@ -128,7 +128,7 @@ func OSPS_DO_05() (evaluation *layer4.ControlEvaluation) {
 func OSPS_DO_06() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-DO-06",
+ ControlId: "OSPS-DO-06",
 }
 evaluation.AddAssessment(
diff --git a/evaluation_plans/osps/docs/steps.go b/evaluation_plans/osps/docs/steps.go
index 195c617..b51492b 100644
--- a/evaluation_plans/osps/docs/steps.go
+++ b/evaluation_plans/osps/docs/steps.go
@@ -6,7 +6,7 @@ import (
 "github.com/revanite-io/pvtr-github-repo/evaluation_plans/reusable_steps"
 )
-func hasSupportDocs(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func hasSupportDocs(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -20,7 +20,7 @@ func hasSupportDocs(payloadData any, _ map[string]*layer4.Change) (result layer4
 return layer4.Failed, "A support.md file or support statements in the readme.md was NOT found"
 }
-func hasUserGuides(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func hasUserGuides(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -33,7 +33,7 @@ func hasUserGuides(payloadData any, _ map[string]*layer4.Change) (result layer4.
 return layer4.Passed, "User guide was specified in Security Insights data"
 }
-func acceptsVulnReports(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func acceptsVulnReports(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -46,7 +46,7 @@ func acceptsVulnReports(payloadData any, _ map[string]*layer4.Change) (result la
 return layer4.Failed, "Repository does not accept vulnerability reports"
 }
-func hasSignatureVerificationGuide(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func hasSignatureVerificationGuide(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -59,7 +59,7 @@ func hasSignatureVerificationGuide(payloadData any, _ map[string]*layer4.Change)
 return layer4.Passed, "Signature verification guide was specified in Security Insights data"
 }
-func hasDependencyManagementPolicy(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func hasDependencyManagementPolicy(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -72,7 +72,7 @@ func hasDependencyManagementPolicy(payloadData any, _ map[string]*layer4.Change)
 return layer4.Passed, "Dependency management policy was specified in Security Insights data"
 }
-func hasIdentityVerificationGuide(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func hasIdentityVerificationGuide(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -83,4 +83,4 @@ func hasIdentityVerificationGuide(payloadData any, _ map[string]*layer4.Change)
 }
 return layer4.Passed, "Identity verification guide was specified in Security Insights data (found in signature-verification field)"
-}
+}
\ No newline at end of file
diff --git a/evaluation_plans/osps/governance/evaluations.go b/evaluation_plans/osps/governance/evaluations.go
index b0a1f86..98852f0 100644
--- a/evaluation_plans/osps/governance/evaluations.go
+++ b/evaluation_plans/osps/governance/evaluations.go
@@ -10,7 +10,7 @@ import (
 func OSPS_GV_01() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-GV-01",
+ ControlId: "OSPS-GV-01",
 }
 evaluation.AddAssessment(
@@ -45,7 +45,7 @@ func OSPS_GV_01() (evaluation *layer4.ControlEvaluation) {
 func OSPS_GV_02() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-GV-02",
+ ControlId: "OSPS-GV-02",
 }
 evaluation.AddAssessment(
@@ -66,7 +66,7 @@ func OSPS_GV_02() (evaluation *layer4.ControlEvaluation) {
 func OSPS_GV_03() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-GV-03",
+ ControlId: "OSPS-GV-03",
 }
 evaluation.AddAssessment(
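Review bot: The `@@ -83,4 +83,4 @@` hunk of docs/steps.go replaces the final `}` with a byte-identical `}` whose only difference is the missing trailing newline, as the `\ No newline at end of file` marker shows; the same happens in governance/steps.go (`@@ -78,4 +78,4 @@`), legal/steps.go (`@@ -126,4 +126,4 @@`) and quality/steps.go (`@@ -229,10 +229,10 @@`). gofmt always emits a terminating newline, so these files were saved without being formatted and will churn again the first time gofmt (or goimports) runs over them, adding a meaningless line to every future diff. Keeping the closing `}` followed by a newline, as the removed side had it, makes all four of these hunk tails disappear and leaves only the intended signature changes.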
@@ -102,7 +102,7 @@ func OSPS_GV_03() (evaluation *layer4.ControlEvaluation) {
 func OSPS_GV_04() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-GV-04",
+ ControlId: "OSPS-GV-04",
 }
 evaluation.AddAssessment(
diff --git a/evaluation_plans/osps/governance/steps.go b/evaluation_plans/osps/governance/steps.go
index c427c22..51fa88f 100644
--- a/evaluation_plans/osps/governance/steps.go
+++ b/evaluation_plans/osps/governance/steps.go
@@ -5,7 +5,7 @@ import (
 "github.com/revanite-io/pvtr-github-repo/evaluation_plans/reusable_steps"
 )
-func coreTeamIsListed(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func coreTeamIsListed(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -18,7 +18,7 @@ func coreTeamIsListed(payloadData any, _ map[string]*layer4.Change) (result laye
 return layer4.Passed, "Core team was specified in Security Insights data"
 }
-func projectAdminsListed(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func projectAdminsListed(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -31,7 +31,7 @@ func projectAdminsListed(payloadData any, _ map[string]*layer4.Change) (result l
 return layer4.Passed, "Project admins were specified in Security Insights data"
 }
-func hasRolesAndResponsibilities(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func hasRolesAndResponsibilities(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -44,7 +44,7 @@ func hasRolesAndResponsibilities(payloadData any, _ map[string]*layer4.Change) (
 return layer4.Passed, "Roles and responsibilities were specified in Security Insights data"
 }
-func hasContributionGuide(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func hasContributionGuide(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -65,7 +65,7 @@ func hasContributionGuide(payloadData any, _ map[string]*layer4.Change) (result
 return layer4.Failed, "Contribution guide not found in Security Insights data or via GitHub API"
 }
-func hasContributionReviewPolicy(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func hasContributionReviewPolicy(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -78,4 +78,4 @@ func hasContributionReviewPolicy(payloadData any, _ map[string]*layer4.Change) (
 }
 return layer4.Failed, "Code review guide was NOT specified in Security Insights data"
-}
+}
\ No newline at end of file
diff --git a/evaluation_plans/osps/legal/evaluations.go b/evaluation_plans/osps/legal/evaluations.go
index 346fc9c..b042bda 100644
--- a/evaluation_plans/osps/legal/evaluations.go
+++ b/evaluation_plans/osps/legal/evaluations.go
@@ -10,7 +10,7 @@ import (
 func OSPS_LE_01() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-LE-01",
+ ControlId: "OSPS-LE-01",
 }
 evaluation.AddAssessment(
@@ -30,7 +30,7 @@ func OSPS_LE_01() (evaluation *layer4.ControlEvaluation) {
 func OSPS_LE_02() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-LE-02",
+ ControlId: "OSPS-LE-02",
 }
 evaluation.AddAssessment(
@@ -66,7 +66,7 @@ func OSPS_LE_02() (evaluation *layer4.ControlEvaluation) {
 func OSPS_LE_03() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-LE-03",
+ ControlId: "OSPS-LE-03",
 }
 evaluation.AddAssessment(
diff --git a/evaluation_plans/osps/legal/steps.go b/evaluation_plans/osps/legal/steps.go
index 1b307a9..2badac2 100644
--- a/evaluation_plans/osps/legal/steps.go
+++ b/evaluation_plans/osps/legal/steps.go
@@ -51,7 +51,7 @@ func splitSpdxExpression(expression string) (spdx_ids []string) {
 return
 }
-func foundLicense(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func foundLicense(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -62,7 +62,7 @@ func foundLicense(payloadData any, _ map[string]*layer4.Change) (result layer4.R
 return layer4.Passed, "License was found in a well known location via the GitHub API"
 }
-func releasesLicensed(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func releasesLicensed(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -77,7 +77,7 @@ func releasesLicensed(payloadData any, _ map[string]*layer4.Change) (result laye
 return layer4.Passed, "GitHub releases include the license(s) in the released source code."
 }
-func goodLicense(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func goodLicense(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -126,4 +126,4 @@ func goodLicense(payloadData any, _ map[string]*layer4.Change) (result layer4.Re
 return layer4.Failed, fmt.Sprintf("These licenses are not OSI or FSF approved: %s", strings.Join(badLicenses, ", "))
 }
 return layer4.NeedsReview, "All license found are OSI or FSF approved"
-}
+}
\ No newline at end of file
diff --git a/evaluation_plans/osps/legal/steps_test.go b/evaluation_plans/osps/legal/steps_test.go
index 751f845..0402d64 100644
--- a/evaluation_plans/osps/legal/steps_test.go
+++ b/evaluation_plans/osps/legal/steps_test.go
@@ -75,7 +75,7 @@ func TestReleasesLicensed(t *testing.T) {
 for _, test := range tests {
 t.Run(test.name, func(t *testing.T) {
- result, message := releasesLicensed(test.payloadData, nil)
+ result, message := releasesLicensed(test.payloadData)
 assert.Equal(t, test.expectedResult, result)
 assert.Equal(t, test.expectedMessage, message)
 })
@@ -192,7 +192,7 @@ func TestGoodLicense(t *testing.T) {
 tests := []struct {
 name string
 payloadData any
- apiResponse []byte
+ apiResponse []byte
 apiError error
 expectedResult layer4.Result
 expectedMessage string
@@ -209,8 +209,8 @@ func TestGoodLicense(t *testing.T) {
 GraphqlRepoData: &data.GraphqlRepoData{},
 Config: &config.Config{},
 },
- apiResponse: []byte(`{"licenses":[{"licenseId":"MIT","isOsiApproved":true,"isFsfLibre":false}]}`),
- apiError: nil,
+ apiResponse: []byte(`{"licenses":[{"licenseId":"MIT","isOsiApproved":true,"isFsfLibre":false}]}`),
+ apiError: nil,
 expectedResult: layer4.Failed,
 expectedMessage: "License SPDX identifier was not found in Security Insights data or via GitHub API",
 },
@@ -224,8 +224,8 @@ func TestGoodLicense(t *testing.T) {
 }(),
 Config: &config.Config{},
 },
- apiResponse: []byte(`{"licenses":[{"licenseId":"MIT","isOsiApproved":true,"isFsfLibre":false}]}`),
- apiError: nil,
+ apiResponse: []byte(`{"licenses":[{"licenseId":"MIT","isOsiApproved":true,"isFsfLibre":false}]}`),
+ apiError: nil,
 expectedResult: layer4.NeedsReview,
 expectedMessage: "All license found are OSI or FSF approved",
 },
@@ -239,8 +239,8 @@ func TestGoodLicense(t *testing.T) {
 }(),
 Config: &config.Config{},
 },
- apiResponse: []byte(`{"licenses":[{"licenseId":"BadLicense","isOsiApproved":false,"isFsfLibre":false}]}`),
- apiError: nil,
+ apiResponse: []byte(`{"licenses":[{"licenseId":"BadLicense","isOsiApproved":false,"isFsfLibre":false}]}`),
+ apiError: nil,
 expectedResult: layer4.Failed,
 expectedMessage: "These licenses are not OSI or FSF approved: BadLicense",
 },
@@ -254,8 +254,8 @@ func TestGoodLicense(t *testing.T) {
 }(),
 Config: &config.Config{},
 },
- apiResponse: []byte(`{"licenses":[{"licenseId":"MIT","isOsiApproved":true,"isFsfLibre":false},{"licenseId":"BadLicense","isOsiApproved":false,"isFsfLibre":false}]}`),
- apiError: nil,
+ apiResponse: []byte(`{"licenses":[{"licenseId":"MIT","isOsiApproved":true,"isFsfLibre":false},{"licenseId":"BadLicense","isOsiApproved":false,"isFsfLibre":false}]}`),
+ apiError: nil,
 expectedResult: layer4.Failed,
 expectedMessage: "These licenses are not OSI or FSF approved: BadLicense",
 },
@@ -269,8 +269,8 @@ func TestGoodLicense(t *testing.T) {
 }(),
 Config: &config.Config{},
 },
- apiResponse: []byte(`{"licenses":[{"licenseId":"MIT","isOsiApproved":true,"isFsfLibre":false}]}`),
- apiError: nil,
+ apiResponse: []byte(`{"licenses":[{"licenseId":"MIT","isOsiApproved":true,"isFsfLibre":false}]}`),
+ apiError: nil,
 expectedResult: layer4.Failed,
 expectedMessage: "These licenses are not OSI or FSF approved: UnknownLicense",
 },
@@ -283,7 +283,7 @@ func TestGoodLicense(t *testing.T) {
 test.payloadData = payload
 }
- result, message := goodLicense(test.payloadData, nil)
+ result, message := goodLicense(test.payloadData)
 assert.Equal(t, test.expectedResult, result)
 assert.Equal(t, test.expectedMessage, message)
 })
diff --git a/evaluation_plans/osps/quality/evaluations.go b/evaluation_plans/osps/quality/evaluations.go
index 703cd15..7bcd528 100644
--- a/evaluation_plans/osps/quality/evaluations.go
+++ b/evaluation_plans/osps/quality/evaluations.go
@@ -10,7 +10,7 @@ import (
 func OSPS_QA_01() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-QA-01",
+ ControlId: "OSPS-QA-01",
 }
 evaluation.AddAssessment(
@@ -44,7 +44,7 @@ func OSPS_QA_01() (evaluation *layer4.ControlEvaluation) {
 func OSPS_QA_02() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-QA-02",
+ ControlId: "OSPS-QA-02",
 }
 evaluation.AddAssessment(
@@ -76,7 +76,7 @@ func OSPS_QA_02() (evaluation *layer4.ControlEvaluation) {
 func OSPS_QA_03() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-QA-03",
+ ControlId: "OSPS-QA-03",
 }
 evaluation.AddAssessment(
@@ -97,7 +97,7 @@ func OSPS_QA_03() (evaluation *layer4.ControlEvaluation) {
 func OSPS_QA_04() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-QA-04",
+ ControlId: "OSPS-QA-04",
 }
 evaluation.AddAssessment(
@@ -134,7 +134,7 @@ func OSPS_QA_04() (evaluation *layer4.ControlEvaluation) {
 func OSPS_QA_05() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-QA-05",
+ ControlId: "OSPS-QA-05",
 }
 evaluation.AddAssessment(
@@ -156,7 +156,7 @@ func OSPS_QA_05() (evaluation *layer4.ControlEvaluation) {
 func OSPS_QA_06() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-QA-06",
+ ControlId: "OSPS-QA-06",
 }
 evaluation.AddAssessment(
@@ -200,7 +200,7 @@ func OSPS_QA_06() (evaluation *layer4.ControlEvaluation) {
 func OSPS_QA_07() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-QA-07",
+ ControlId: "OSPS-QA-07",
 }
 evaluation.AddAssessment(
diff --git a/evaluation_plans/osps/quality/steps.go b/evaluation_plans/osps/quality/steps.go
index d6e4c7f..40d9c8d 100644
--- a/evaluation_plans/osps/quality/steps.go
+++ b/evaluation_plans/osps/quality/steps.go
@@ -8,7 +8,7 @@ import (
 "github.com/revanite-io/pvtr-github-repo/evaluation_plans/reusable_steps"
 )
-func repoIsPublic(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func repoIsPublic(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -19,7 +19,7 @@ func repoIsPublic(payloadData any, _ map[string]*layer4.Change) (result layer4.R
 return layer4.Failed, "Repository is private"
 }
-func insightsListsRepositories(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func insightsListsRepositories(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -32,7 +32,7 @@ func insightsListsRepositories(payloadData any, _ map[string]*layer4.Change) (re
 return layer4.Failed, "Insights does not contain a list of repositories"
 }
-func statusChecksAreRequiredByRulesets(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func statusChecksAreRequiredByRulesets(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -84,7 +84,7 @@ func statusChecksAreRequiredByRulesets(payloadData any, _ map[string]*layer4.Cha
 return layer4.Passed, "No status checks were run that are not required by the rules"
 }
-func statusChecksAreRequiredByBranchProtection(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func statusChecksAreRequiredByBranchProtection(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -124,7 +124,7 @@ func statusChecksAreRequiredByBranchProtection(payloadData any, _ map[string]*la
 return layer4.Passed, "No status checks were run that are not required by branch protection"
 }
-func noBinariesInRepo(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func noBinariesInRepo(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -144,7 +144,7 @@ func noBinariesInRepo(payloadData any, _ map[string]*layer4.Change) (result laye
 return layer4.Failed, fmt.Sprintf("Suspected binaries found in the repository: %s", strings.Join(suspectedBinaries, ", "))
 }
-func requiresNonAuthorApproval(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func requiresNonAuthorApproval(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -167,7 +167,7 @@ func requiresNonAuthorApproval(payloadData any, _ map[string]*layer4.Change) (re
 return layer4.Passed, fmt.Sprintf("Branch protection requires %d approving reviews and re-approval after new commits", reviewCount)
 }
-func hasOneOrMoreStatusChecks(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func hasOneOrMoreStatusChecks(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -190,7 +190,7 @@ func hasOneOrMoreStatusChecks(payloadData any, _ map[string]*layer4.Change) (res
 return layer4.Failed, "No status checks were run"
 }
-func verifyDependencyManagement(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func verifyDependencyManagement(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -220,7 +220,7 @@ func countDependencyManifests(payloadData any) (result layer4.Result, message st
 return layer4.NeedsReview, "No dependency manifests found in the GitHub dependency graph API. Review project to ensure dependencies are managed."
 }
-func documentsTestExecution(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func documentsTestExecution(payloadData any) (result layer4.Result, message string) {
 _, message = reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -229,10 +229,10 @@ func documentsTestExecution(payloadData any, _ map[string]*layer4.Change) (resul
 return layer4.NeedsReview, "Review project documentation to ensure it explains when and how tests are run"
 }
-func documentsTestMaintenancePolicy(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func documentsTestMaintenancePolicy(payloadData any) (result layer4.Result, message string) {
 _, message = reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
 }
 return layer4.NeedsReview, "Review project documentation to ensure it contains a clear policy for maintaining tests"
-}
+}
\ No newline at end of file
diff --git a/evaluation_plans/osps/quality/steps_test.go b/evaluation_plans/osps/quality/steps_test.go
index 46612eb..3204264 100644
--- a/evaluation_plans/osps/quality/steps_test.go
+++ b/evaluation_plans/osps/quality/steps_test.go
@@ -61,7 +61,7 @@ func Test_insightsListsRepositories(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- gotResult, gotMsg := insightsListsRepositories(tt.payload, nil)
+ gotResult, gotMsg := insightsListsRepositories(tt.payload)
 if gotResult != tt.wantResult {
 t.Errorf("result = %v, want %v", gotResult, tt.wantResult)
 }
diff --git a/evaluation_plans/osps/sec_assessment/evaluations.go b/evaluation_plans/osps/sec_assessment/evaluations.go
index 12ff107..c778a21 100644
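Review bot: The `-}`/`+}` pair at the end of the `@@ -229,10 +229,10 @@` hunk changes no code but drops the file's trailing newline (`\ No newline at end of file`), which `gofmt` will put back on the next touch and leaves a spurious one-line diff until then; the same happens to vuln_management/steps.go (`@@ -82,4 +82,4 @@`) and reusable_steps/evaluations_test.go (`@@ -252,8 +252,8 @@`). Restoring the final newline after the closing `}` in all three files makes those hunks disappear. Apart from the signature, documentsTestMaintenancePolicy is otherwise unchanged.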
--- a/evaluation_plans/osps/sec_assessment/evaluations.go
+++ b/evaluation_plans/osps/sec_assessment/evaluations.go
@@ -10,7 +10,7 @@ import (
 func OSPS_SA_01() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-SA-01",
+ ControlId: "OSPS-SA-01",
 }
 evaluation.AddAssessment(
@@ -30,7 +30,7 @@ func OSPS_SA_01() (evaluation *layer4.ControlEvaluation) {
 func OSPS_SA_02() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-SA-02",
+ ControlId: "OSPS-SA-02",
 }
 evaluation.AddAssessment(
@@ -50,7 +50,7 @@ func OSPS_SA_02() (evaluation *layer4.ControlEvaluation) {
 func OSPS_SA_03() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-SA-03",
+ ControlId: "OSPS-SA-03",
 }
 evaluation.AddAssessment(
diff --git a/evaluation_plans/osps/vuln_management/evaluations.go b/evaluation_plans/osps/vuln_management/evaluations.go
index bc74716..4d282a7 100644
--- a/evaluation_plans/osps/vuln_management/evaluations.go
+++ b/evaluation_plans/osps/vuln_management/evaluations.go
@@ -10,7 +10,7 @@ import (
 func OSPS_VM_01() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-VM-01",
+ ControlId: "OSPS-VM-01",
 }
 evaluation.AddAssessment(
@@ -32,7 +32,7 @@ func OSPS_VM_01() (evaluation *layer4.ControlEvaluation) {
 func OSPS_VM_02() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-VM-02",
+ ControlId: "OSPS-VM-02",
 }
 evaluation.AddAssessment(
@@ -52,7 +52,7 @@ func OSPS_VM_02() (evaluation *layer4.ControlEvaluation) {
 func OSPS_VM_03() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-VM-03",
+ ControlId: "OSPS-VM-03",
 }
 evaluation.AddAssessment(
@@ -74,7 +74,7 @@ func OSPS_VM_03() (evaluation *layer4.ControlEvaluation) {
 func OSPS_VM_04() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-VM-04",
+ ControlId: "OSPS-VM-04",
 }
 evaluation.AddAssessment(
@@ -105,7 +105,7 @@ func OSPS_VM_04() (evaluation *layer4.ControlEvaluation) {
 func OSPS_VM_05() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-VM-05",
+ ControlId: "OSPS-VM-05",
 }
 evaluation.AddAssessment(
@@ -146,7 +146,7 @@ func OSPS_VM_05() (evaluation *layer4.ControlEvaluation) {
 func OSPS_VM_06() (evaluation *layer4.ControlEvaluation) {
 evaluation = &layer4.ControlEvaluation{
- ControlID: "OSPS-VM-06",
+ ControlId: "OSPS-VM-06",
 }
 evaluation.AddAssessment(
diff --git a/evaluation_plans/osps/vuln_management/steps.go b/evaluation_plans/osps/vuln_management/steps.go
index a8a9741..63a025d 100644
--- a/evaluation_plans/osps/vuln_management/steps.go
+++ b/evaluation_plans/osps/vuln_management/steps.go
@@ -8,7 +8,7 @@ import (
 "github.com/revanite-io/pvtr-github-repo/evaluation_plans/reusable_steps"
 )
-func hasSecContact(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func hasSecContact(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -28,7 +28,7 @@ func hasSecContact(payloadData any, _ map[string]*layer4.Change) (result layer4.
 return layer4.Failed, "Security contacts were not specified in Security Insights data"
 }
-func sastToolDefined(payloadData interface{}, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func sastToolDefined(payloadData interface{}) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
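Review bot: The rewritten signature of `sastToolDefined` in the `@@ -28,7 +28,7 @@` hunk keeps `interface{}` while every other step in this file that the commit touches (`hasSecContact`, `hasVulnerabilityDisclosurePolicy`, `hasPrivateVulnerabilityReporting`) uses `any`; since the line is being edited anyway it should read `func sastToolDefined(payloadData any) (result layer4.Result, message string) {`. `any` is an alias for `interface{}`, so this is purely a consistency point with no behaviour change. The function body continues outside the hunk.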
@@ -48,7 +48,7 @@ func sastToolDefined(payloadData interface{}, _ map[string]*layer4.Change) (resu
 return layer4.Failed, "No Static Application Security Testing documented in Security Insights"
 }
-func hasVulnerabilityDisclosurePolicy(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func hasVulnerabilityDisclosurePolicy(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -61,7 +61,7 @@ func hasVulnerabilityDisclosurePolicy(payloadData any, _ map[string]*layer4.Chan
 return layer4.Passed, "Vulnerability disclosure policy was specified in Security Insights data"
 }
-func hasPrivateVulnerabilityReporting(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func hasPrivateVulnerabilityReporting(payloadData any) (result layer4.Result, message string) {
 data, message := reusable_steps.VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -82,4 +82,4 @@ func hasPrivateVulnerabilityReporting(payloadData any, _ map[string]*layer4.Chan
 }
 return layer4.Failed, "No private vulnerability reporting contact method found in Security Insights data"
-}
+}
\ No newline at end of file
diff --git a/evaluation_plans/osps/vuln_management/steps_test.go b/evaluation_plans/osps/vuln_management/steps_test.go
index 1e71642..354cc1f 100644
--- a/evaluation_plans/osps/vuln_management/steps_test.go
+++ b/evaluation_plans/osps/vuln_management/steps_test.go
@@ -99,7 +99,7 @@ func TestSastToolDefined(t *testing.T) {
 }
 for _, test := range testData {
- result, message := sastToolDefined(test.payloadData, nil)
+ result, message := sastToolDefined(test.payloadData)
 assert.Equal(t, test.expectedResult, result, test.assertionMessage)
 assert.Equal(t, test.expectedMessage, message, test.assertionMessage)
@@ -158,7 +158,7 @@ func TestHasVulnerabilityDisclosurePolicy(t *testing.T) {
 for _, test := range tests {
 t.Run(test.name, func(t *testing.T) {
- result, message := hasVulnerabilityDisclosurePolicy(test.payloadData, nil)
+ result, message := hasVulnerabilityDisclosurePolicy(test.payloadData)
 assert.Equal(t, test.expectedResult, result)
 assert.Equal(t, test.expectedMessage, message)
 })
@@ -282,7 +282,7 @@ func TestHasPrivateVulnerabilityReporting(t *testing.T) {
 for _, test := range tests {
 t.Run(test.name, func(t *testing.T) {
- result, message := hasPrivateVulnerabilityReporting(test.payloadData, nil)
+ result, message := hasPrivateVulnerabilityReporting(test.payloadData)
 assert.Equal(t, test.expectedResult, result)
 assert.Equal(t, test.expectedMessage, message)
 })
diff --git a/evaluation_plans/reusable_steps/evaluations.go b/evaluation_plans/reusable_steps/evaluations.go
index 23f715c..71b75da 100644
--- a/evaluation_plans/reusable_steps/evaluations.go
+++ b/evaluation_plans/reusable_steps/evaluations.go
@@ -16,11 +16,11 @@ func VerifyPayload(payloadData any) (payload data.Payload, message string) {
 return
 }
-func NotImplemented(payloadData any, changes map[string]*layer4.Change) (result layer4.Result, message string) {
+func NotImplemented(payloadData any) (result layer4.Result, message string) {
 return layer4.NeedsReview, "Not implemented"
 }
-func GithubBuiltIn(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func GithubBuiltIn(payloadData any) (result layer4.Result, message string) {
 _, message = VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -29,11 +29,11 @@ func GithubBuiltIn(payloadData any, _ map[string]*layer4.Change) (result layer4.
 return layer4.Passed, "This control is enforced by GitHub for all projects"
 }
-func GithubTermsOfService(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func GithubTermsOfService(payloadData any) (result layer4.Result, message string) {
 return layer4.Passed, "This control is satisfied by the GitHub Terms of Service"
 }
-func HasSecurityInsightsFile(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func HasSecurityInsightsFile(payloadData any) (result layer4.Result, message string) {
 payload, message := VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -46,7 +46,7 @@ func HasSecurityInsightsFile(payloadData any, _ map[string]*layer4.Change) (resu
 return layer4.Passed, "Security insights file found"
 }
-func HasMadeReleases(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func HasMadeReleases(payloadData any) (result layer4.Result, message string) {
 payload, message := VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -59,7 +59,7 @@ func HasMadeReleases(payloadData any, _ map[string]*layer4.Change) (result layer
 return layer4.Passed, fmt.Sprintf("Found %v releases", len(payload.Releases))
 }
-func IsActive(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func IsActive(payloadData any) (result layer4.Result, message string) {
 payload, message := VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -74,7 +74,7 @@ func IsActive(payloadData any, _ map[string]*layer4.Change) (result layer4.Resul
 return result, fmt.Sprintf("Repo Status is %s", payload.Insights.Repository.Status)
 }
-func HasIssuesOrDiscussionsEnabled(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func HasIssuesOrDiscussionsEnabled(payloadData any) (result layer4.Result, message string) {
 data, message := VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -92,7 +92,7 @@ func HasIssuesOrDiscussionsEnabled(payloadData any, _ map[string]*layer4.Change)
 return layer4.Failed, "Both issues and discussions are disabled for the repository"
 }
-func HasDependencyManagementPolicy(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func HasDependencyManagementPolicy(payloadData any) (result layer4.Result, message string) {
 payload, message := VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
@@ -105,7 +105,7 @@ func HasDependencyManagementPolicy(payloadData any, _ map[string]*layer4.Change)
 return layer4.Failed, "No dependency management file found"
 }
-func IsCodeRepo(payloadData any, _ map[string]*layer4.Change) (result layer4.Result, message string) {
+func IsCodeRepo(payloadData any) (result layer4.Result, message string) {
 payload, message := VerifyPayload(payloadData)
 if message != "" {
 return layer4.Unknown, message
diff --git a/evaluation_plans/reusable_steps/evaluations_test.go b/evaluation_plans/reusable_steps/evaluations_test.go
index ca14df7..b8338f0 100644
--- a/evaluation_plans/reusable_steps/evaluations_test.go
+++ b/evaluation_plans/reusable_steps/evaluations_test.go
@@ -89,7 +89,7 @@ func TestHasDependencyManagementPolicy(t *testing.T) {
 }
 for _, test := range testData {
- result, message := HasDependencyManagementPolicy(test.payloadData, nil)
+ result, message := HasDependencyManagementPolicy(test.payloadData)
 assert.Equal(t, test.expectedResult, result, test.assertionMessage)
 assert.Equal(t, test.expectedMessage, message, test.assertionMessage)
 }
@@ -131,7 +131,7 @@ func TestIsCodeRepo(t *testing.T) {
 }
 for _, tt := range tests {
- result, message := IsCodeRepo(tt.payloadData, nil)
+ result, message := IsCodeRepo(tt.payloadData)
 assert.Equal(t, tt.expectedResult, result, tt.assertionMessage)
 assert.Equal(t, tt.expectedMessage, message, tt.assertionMessage)
 }
@@ -184,7 +184,7 @@ func TestHasSecurityInsightsFile(t *testing.T) {
 }
 for _, tt := range tests {
- result, message := HasSecurityInsightsFile(tt.payloadData, nil)
+ result, message := HasSecurityInsightsFile(tt.payloadData)
 assert.Equal(t, tt.expectedResult, result, tt.assertionMessage)
 assert.Equal(t, tt.expectedMessage, message, tt.assertionMessage)
 }
@@ -252,8 +252,8 @@ func TestIsActive(t *testing.T) {
 }
 for _, tt := range tests {
- result, message := IsActive(tt.payloadData, nil)
+ result, message := IsActive(tt.payloadData)
 assert.Equal(t, tt.expectedResult, result, tt.assertionMessage)
 assert.Equal(t, tt.expectedMessage, message, tt.assertionMessage)
 }
-}
+}
\ No newline at end of file
diff --git a/go.mod b/go.mod
index dca71a9..3d1d31f 100644
--- a/go.mod
+++ b/go.mod
@@ -68,5 +68,9 @@ require (
 )
 // Uncomment if you're working on a dependency locally
-// replace github.com/privateerproj/privateer-sdk => ../privateer-sdk
 // replace github.com/ossf/si-tooling/v2 => ../si-tooling/v2
+// replace github.com/ossf/gemara => ../gemara
+
+replace github.com/privateerproj/privateer-sdk => github.com/trumant/privateer-sdk v0.0.0-20250928130238-c0085334756c
+
+replace github.com/ossf/gemara => github.com/trumant/gemara v0.0.0-20250928035815-5965a511fc2e
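Review bot: The two new `replace` directives in the go.mod hunk redirect `github.com/privateerproj/privateer-sdk` and `github.com/ossf/gemara` to personal forks (`github.com/trumant/...`) at pseudo-versions, so this module now builds against unreviewed fork commits instead of tagged upstream releases, and because `replace` is honoured only in the main module, anyone importing this repository as a library silently builds against the upstream versions instead. go.sum records the fork checksums, so the build stays reproducible, but neither the reason for the redirect nor the condition for removing it is recorded anywhere. Each directive should carry a comment stating both, e.g. `// TEMPORARY: fork carries the layer4 API change this commit integrates; drop once upstream tags a release (tracking: <issue-or-PR placeholder>)`. The commented-out local-path hint for privateer-sdk is also dropped in this hunk, so the "Uncomment if you're working on a dependency locally" note now covers only si-tooling and gemara; restoring it keeps the three hints symmetric.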
diff --git a/go.sum b/go.sum
index 9edfafa..a6cbc9f 100644
--- a/go.sum
+++ b/go.sum
@@ -75,8 +75,6 @@ github.com/migueleliasweb/go-github-mock v1.4.0 h1:pQ6K8r348m2q79A8Khb0PbEeNQV7t
 github.com/migueleliasweb/go-github-mock v1.4.0/go.mod h1:/DUmhXkxrgVlDOVBqGoUXkV4w0ms5n1jDQHotYm135o=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
-github.com/ossf/gemara v0.10.1 h1:rvM8s/dAqF0QkCtztwgx92o/hWukRdS4rzsTpRT9chY=
-github.com/ossf/gemara v0.10.1/go.mod h1:FRRem1gQ9m+c3QiBLN/PkL/RfzyNpF3aO7AWqZVzerg=
 github.com/ossf/si-tooling/v2 v2.0.5-0.20250508212737-7ddcc8c43db9 h1:H8zbVnZ1dbVhoQVGZanbDOSOX91KiCSsge4+GLrcFms=
 github.com/ossf/si-tooling/v2 v2.0.5-0.20250508212737-7ddcc8c43db9/go.mod h1:I7UDEAfNwoT2iwZrvORukgkGLKeD/cgVhHtcLPpaS6c=
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
@@ -84,8 +82,6 @@ github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/privateerproj/privateer-sdk v1.6.0 h1:lljDUiesQEhgSH/6ZX+LRu+DeJPj1wHBJUAj+A6PAbc=
-github.com/privateerproj/privateer-sdk v1.6.0/go.mod h1:jNQQqTxvEnQBvR/BuRrbxMt8wxe7fX6mOC7PBTYknVI=
 github.com/rhysd/actionlint v1.7.7 h1:0KgkoNTrYY7vmOCs9BW2AHxLvvpoY9nEUzgBHiPUr0k=
 github.com/rhysd/actionlint v1.7.7/go.mod h1:AE6I6vJEkNaIfWqC2GNE5spIJNhxf8NCtLEKU4NnUXg=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@@ -123,6 +119,10 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
+github.com/trumant/gemara v0.0.0-20250928035815-5965a511fc2e h1:c45WH97vt9yfGV1INAvWn8oIbhwChwQFINVjdkp+VQc=
+github.com/trumant/gemara v0.0.0-20250928035815-5965a511fc2e/go.mod h1:FRRem1gQ9m+c3QiBLN/PkL/RfzyNpF3aO7AWqZVzerg=
+github.com/trumant/privateer-sdk v0.0.0-20250928130238-c0085334756c h1:IufZVZiZAFh8l1Xxpq/lyf4iorivK3OetvSlt0Sya0g=
+github.com/trumant/privateer-sdk v0.0.0-20250928130238-c0085334756c/go.mod h1:nBMtRJ7R5rkK2ynIS3JTBC/wT2lpKhUM47c/DMETCWY=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
 go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=