When the trusty evaluator can't fetch any scores, it still says that the PR contains no packages with low scores #292

Open
jhrozek opened this issue Jan 16, 2024 · 4 comments
Labels
bug Something isn't working P1 Fix Soon: High priority items that should be considered in the next Sprint planning cycle

Comments

@jhrozek
Contributor

jhrozek commented Jan 16, 2024

Describe the issue

We have a branch in the trusty evaluator that checks if we managed to fetch a score for a package at all:

	if resp.Summary.Score == 0 {
		logger.Info().
			Str("dependency", dep.Dep.Name).
			Msgf("the dependency has no score, skipping")
		continue
	}

but if we can't fetch any packages we just say that no packages with low scores were found. We should at the very least change the summary in case no scores can be fetched or even provide a separate table with dependencies that couldn't be fetched so that the maintainers can check those themselves.

To Reproduce

unsure, I managed to hit this in combination with a trusty bug

What version are you using?

v0.0.24+ref.aa6a2170

@jhrozek jhrozek added the bug Something isn't working label Jan 16, 2024
@evankanderson evankanderson added the P1 Fix Soon: High priority items that should be considered in the next Sprint planning cycle label Jul 10, 2024
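
One way to report skipped dependencies instead of folding them into a clean result, as an added example that is not Minder's code: `depScore`, `report`, `evaluate`, `Summary` and the threshold of 5 are hypothetical, and a score of 0 is taken to mean "no score fetched", as in the snippet in the issue.

```go
package main

import (
	"fmt"
	"strings"
)

// depScore is a hypothetical stand-in for a dependency and its fetched score.
type depScore struct {
	Name  string
	Score float64 // 0 means no score was fetched, as in the issue's snippet
}

type report struct {
	Low      []depScore // scored below the threshold
	Unscored []string   // skipped dependencies, recorded instead of dropped
}

// evaluate classifies each dependency; unscored ones are kept for reporting.
func evaluate(deps []depScore, threshold float64) report {
	var r report
	for _, d := range deps {
		if d.Score == 0 {
			r.Unscored = append(r.Unscored, d.Name)
		} else if d.Score < threshold {
			r.Low = append(r.Low, d)
		}
	}
	return r
}

// Summary only claims "no low scores" about dependencies that were scored.
func (r report) Summary(total int) string {
	head := "no low scores among scored dependencies"
	if len(r.Low) > 0 {
		head = fmt.Sprintf("low-score dependencies: %d", len(r.Low))
	} else if total > 0 && len(r.Unscored) == total {
		head = "no scores could be fetched"
	}
	if len(r.Unscored) > 0 {
		head += "; could not be scored: " + strings.Join(r.Unscored, ", ")
	}
	return head
}

func main() {
	deps := []depScore{{"pkg-a", 0}, {"pkg-b", 0}} // constructed: every lookup failed
	fmt.Println(evaluate(deps, 5).Summary(len(deps)))
}
```
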
@evankanderson
Member

@rdimitrov might have fixed this without noticing that we had an open issue.

@evankanderson
Member

@rdimitrov -- do you know if you fixed this?

If not, we should put this in the next sprint as part of our quality work.

@rdimitrov
Member

@evankanderson - I'm not sure, I haven't tested it yet, so I'll suggest planning it for the next sprint. Best case scenario is we confirm it's fixed and close it.

@evankanderson evankanderson transferred this issue from mindersec/minder Jan 28, 2025
@evankanderson
Member

(Trusty has also removed a top-level score)
