We have a branch in the trusty evaluator that checks if we managed to fetch a score for a package at all:
```go
if resp.Summary.Score == 0 {
	logger.Info().
		Str("dependency", dep.Dep.Name).
		Msgf("the dependency has no score, skipping")
	continue
}
```
but if we can't fetch any packages we just say that no packages with low scores were found. We should at the very least change the summary in case no scores can be fetched or even provide a separate table with dependencies that couldn't be fetched so that the maintainers can check those themselves.
To Reproduce
unsure, I managed to hit this in combination with a trusty bug
What version are you using?
v0.0.24+ref.aa6a2170
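One way to keep the "no score" case from reading as a clean result, as an added sketch that is not the trusty evaluator's own code: `depResult`, `report`, `evaluate` and the threshold are hypothetical names and values, and a score of 0 is taken to mean "could not be fetched", as in the branch quoted above.

```go
package main

import "fmt"

// depResult is a hypothetical stand-in for one dependency's score lookup.
// Score == 0 means no score could be fetched, mirroring the branch in the issue.
type depResult struct {
	Name  string
	Score float64
}

// report keeps unscored dependencies apart from low-scoring ones so they
// can be rendered as their own table for maintainers to check by hand.
type report struct {
	Low      []string
	Unscored []string
	Summary  string
}

// evaluate classifies results against a threshold (assumed value, not the project's).
func evaluate(results []depResult, threshold float64) report {
	var r report
	for _, d := range results {
		switch {
		case d.Score == 0:
			r.Unscored = append(r.Unscored, d.Name) // record instead of silently skipping
		case d.Score < threshold:
			r.Low = append(r.Low, d.Name)
		}
	}
	switch {
	case len(results) > 0 && len(r.Unscored) == len(results):
		// Nothing was evaluated, so this must not be reported as a pass.
		r.Summary = "no scores could be fetched; dependencies were not evaluated"
	case len(r.Low) == 0 && len(r.Unscored) == 0:
		r.Summary = "no packages with low scores were found"
	default:
		r.Summary = fmt.Sprintf("%d low-scoring, %d without a score", len(r.Low), len(r.Unscored))
	}
	return r
}

func main() {
	// Constructed sample input: every lookup failed.
	r := evaluate([]depResult{{"dep-a", 0}, {"dep-b", 0}}, 5)
	fmt.Println(r.Summary, r.Unscored)
}
```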