@@ -79,37 +79,35 @@ def run_check(self, ctx: AnalyzeContext) -> CheckResultData:
7979 if predicate :
8080 build_type = json_extract (predicate , ["buildType" ], str )
8181
82- if build_type and build_type == "https://github.com/slsa-framework/slsa-github-generator/generic@v1" :
83- # Provenance is created by the SLSA GitHub generator and therefore verified.
82+ if not ctx . dynamic_data [ "provenance_verified" ] :
83+ # Provenance is not verified.
8484 return CheckResultData (
8585 result_tables = [
86- ProvenanceVerifiedFacts (build_level = 3 , build_type = build_type , confidence = Confidence .HIGH )
86+ ProvenanceVerifiedFacts (
87+ build_level = 1 ,
88+ build_type = build_type ,
89+ confidence = Confidence .HIGH ,
90+ )
8791 ],
88- result_type = CheckResultType .PASSED ,
92+ result_type = CheckResultType .FAILED ,
8993 )
9094
91- if not ctx . dynamic_data [ "provenance_verified" ] :
92- # Provenance is not verified.
95+ if not ( build_type and build_type == "https://github.com/slsa-framework/slsa-github-generator/generic@v1" ) :
96+ # Provenance is verified.
9397 return CheckResultData (
9498 result_tables = [
9599 ProvenanceVerifiedFacts (
96- build_level = 1 ,
100+ build_level = 2 ,
97101 build_type = build_type ,
98102 confidence = Confidence .HIGH ,
99103 )
100104 ],
101- result_type = CheckResultType .FAILED ,
105+ result_type = CheckResultType .PASSED ,
102106 )
103107
104- # Provenance is verified.
108+ # Provenance is created by the SLSA GitHub generator and verified.
105109 return CheckResultData (
106- result_tables = [
107- ProvenanceVerifiedFacts (
108- build_level = 2 ,
109- build_type = build_type ,
110- confidence = Confidence .HIGH ,
111- )
112- ],
110+ result_tables = [ProvenanceVerifiedFacts (build_level = 3 , build_type = build_type , confidence = Confidence .HIGH )],
113111 result_type = CheckResultType .PASSED ,
114112 )
115113
0 commit comments