You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Because this repository doesn't have a provenance that Macaron can detect, Macaron put an inferred provenance in the final JSON report.
The content of the JSON report of this analysis is as follow:
In scenarios where the branch name is not available, the content of this uri will be incorrect
Suggestion
If the branch name is not available for this software component, we can use f"{ctx.component.repository.remote_path}" only without f"@refs/heads/{ctx.component.repository.branch_name}"
The text was updated successfully, but these errors were encountered:
How to replicate
Run this command:
Because this repository doesn't have a provenance that Macaron can detect, Macaron put an inferred provenance in the final JSON report.
The content of the JSON report of this analysis is as follow:
Description
The logic for generating the content of invocation.configSource.uri for the inferred provenance is located here:
In scenarios where the branch name is not available, the content of this uri will be incorrect
Suggestion
If the branch name is not available for this software component, we can use
f"{ctx.component.repository.remote_path}"
only withoutf"@refs/heads/{ctx.component.repository.branch_name}"
The text was updated successfully, but these errors were encountered: