The values stored within some CheckFacts instances are not consistent.

[tromai]

During my exploration, I noticed something with our current setup of checks.

Let's take the build as code check as an example. The build as code check will create instances of BuildAsCodeFacts

macaron/src/macaron/slsa_analyzer/checks/build_as_code_check.py

Line 37 in 39bd296

class BuildAsCodeFacts(CheckFacts):

Those instances stores information that will later be put into the SQLite database. A BuildAsCodeFacts instance has an attribute called deploy_command. At some places, the value stored to this attribute is a JSON - serialized value (e.g.

macaron/src/macaron/slsa_analyzer/checks/build_as_code_check.py

Line 262 in 39bd296

deploy_command=tool.serialize_to_json(build_command["command"]),

).

At other places, it's stored as a string without going through serialization:

macaron/src/macaron/slsa_analyzer/checks/build_as_code_check.py

Line 201 in 39bd296

deploy_command=workflow_name,

and

macaron/src/macaron/slsa_analyzer/checks/build_as_code_check.py

Line 291 in 39bd296

deploy_command=deploy_kw,

This could be an issue if someone wants to read this field as the format is not consistent.

In additions, this issue also happens to build service check with BuildServiceFacts's build_command attribute

macaron/src/macaron/slsa_analyzer/checks/build_service_check.py

Line 47 in 39bd296

build_command: Mapped[str] = mapped_column(String, nullable=True, info={"justification": JustificationType.TEXT})