chore: minor fixes after rebase

Signed-off-by: Ben Selwyn-Smith <[email protected]>

Author: benmss

src/macaron/repo_finder/provenance_finder.py

@@ -377,7 +377,7 @@ def find_gav_provenance(purl: PackageURL, registry: JFrogMavenRegistry) -> list[
     return provenances[:1]
 
 
-def find_provenance_from_ci(self, analyze_ctx: AnalyzeContext, git_obj: Git | None) -> InTotoPayload | None:
+def find_provenance_from_ci(analyze_ctx: AnalyzeContext, git_obj: Git | None) -> InTotoPayload | None:
     """Try to find provenance from CI services of the repository.
 
     Note that we stop going through the CI services once we encounter a CI service
@@ -463,7 +463,7 @@ def find_provenance_from_ci(self, analyze_ctx: AnalyzeContext, git_obj: Git | No
                 ci_info["provenance_assets"].extend(provenance_assets)
 
                 # Download the provenance assets and load the provenance payloads.
-                self.download_provenances_from_github_actions_ci_service(
+                download_provenances_from_github_actions_ci_service(
                     ci_info,
                 )
 
@@ -473,7 +473,7 @@ def find_provenance_from_ci(self, analyze_ctx: AnalyzeContext, git_obj: Git | No
     return None
 
 
-def download_provenances_from_github_actions_ci_service(self, ci_info: CIInfo) -> None:
+def download_provenances_from_github_actions_ci_service(ci_info: CIInfo) -> None:
     """Download provenances from GitHub Actions.
 
     Parameters

src/macaron/slsa_analyzer/analyzer.py

@@ -41,7 +41,7 @@
     check_if_input_repo_commit_provenance_conflict,
     extract_repo_and_commit_from_provenance,
 )
-from macaron.repo_finder.provenance_finder import ProvenanceFinder
+from macaron.repo_finder.provenance_finder import ProvenanceFinder, find_provenance_from_ci
 from macaron.slsa_analyzer import git_url
 from macaron.slsa_analyzer.analyze_context import AnalyzeContext
 from macaron.slsa_analyzer.asset import VirtualReleaseAsset
@@ -322,6 +322,7 @@ def run_single(
                 status=SCMStatus.ANALYSIS_FAILED,
             )
 
+        provenance_is_verified = False
         if not provenance_payload and parsed_purl:
             # Try to find the provenance file for the parsed PURL.
             provenance_finder = ProvenanceFinder()
@@ -440,7 +441,7 @@ def run_single(
 
         if not provenance_payload:
             # Look for provenance using the CI.
-            provenance_payload = ProvenanceFinder().find_provenance_from_ci(analyze_ctx, git_obj)
+            provenance_payload = find_provenance_from_ci(analyze_ctx, git_obj)
             # If found, verify analysis target against new provenance
             if provenance_payload:
                 # If repository URL was not provided as input, check the one found during analysis.
@@ -1191,7 +1192,7 @@ def perform_checks(self, analyze_ctx: AnalyzeContext) -> dict[str, CheckResult]:
                             service=ci_service,
                             callgraph=callgraph,
                             provenance_assets=[],
-                            latest_release={},
+                            release={},
                             provenances=[
                                 SLSAProvenanceData(
                                     payload=InTotoV01Payload(statement=Provenance().payload),

src/macaron/slsa_analyzer/checks/provenance_available_check.py

@@ -71,7 +71,7 @@ def run_check(self, ctx: AnalyzeContext) -> CheckResultData:
         CheckResultData
             The result of the check.
         """
-        available = True if (not ctx.dynamic_data["is_inferred_prov"] and ctx.dynamic_data["provenance"]) else False
+        available = ctx.dynamic_data["provenance"] and not ctx.dynamic_data["is_inferred_prov"]
         return CheckResultData(
             result_tables=[
                 ProvenanceAvailableFacts(