fix: Improve logging when an error is encontered in SI (#184)

* fix: Improve logging when an error is encontered in SI

Signed-off-by: Eddie Knight <knight@linux.com>

* Fixed failing test

Signed-off-by: Eddie Knight <knight@linux.com>

---------

Signed-off-by: Eddie Knight <knight@linux.com>

Author: eddie-knight

data/rest-data.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"log"
 	"net/http"
 	"strings"
 
@@ -27,6 +28,7 @@ type RestData struct {
 	WorkflowsEnabled    bool
 	WorkflowPermissions WorkflowPermissions
 	Insights            si.SecurityInsights
+	InsightsError       bool
 	Releases            []ReleaseData
 	Rulesets            []Ruleset
 	contents            RepoContent
@@ -129,7 +131,12 @@ func (r *RestData) checkFile(filename string) (filepath string) {
 	if filepath != "" {
 		return filepath
 	}
-	for _, dirContents := range r.contents.SubContent[".github"].Content {
+
+	forgeDir, err := r.getSubdirContents(".github")
+	if err != nil {
+		log.Printf("Failed to retrieve forge dir contents: %s", err.Error())
+	}
+	for _, dirContents := range forgeDir.Content {
 		// forge directory contents
 		if dirContents.GetType() != "file" {
 			continue
@@ -230,6 +237,7 @@ func (r *RestData) loadSecurityInsights() {
 		r.Insights = insights
 		if err != nil {
 			r.Config.Logger.Error(fmt.Sprintf("failed to read security insights file: %s", err.Error()))
+			r.InsightsError = true
 		}
 		return
 	}
@@ -308,6 +316,9 @@ func (c *RepoContent) GetSubdirContentByPath(r *RestData, path string) (RepoCont
 
 // getSubdirContents fetches contents of a directory
 func (r *RestData) getSubdirContents(path string) (RepoContent, error) {
+	if len(r.contents.SubContent[path].Content) > 0 {
+		return r.contents.SubContent[path], nil
+	}
 	_, content, _, err := r.ghClient.Repositories.GetContents(context.Background(), r.owner, r.repo, path, nil)
 	if err != nil {
 		return RepoContent{}, err

evaluation_plans/reusable_steps/steps.go

@@ -38,7 +38,9 @@ func HasSecurityInsightsFile(payloadData any) (result layer4.Result, message str
 	if message != "" {
 		return layer4.Unknown, message
 	}
-
+	if payload.InsightsError {
+		return layer4.NeedsReview, "An error was encountered while parsing Security Insights content"
+	}
 	if payload.Insights.Header.URL == "" {
 		return layer4.NeedsReview, "Security insights required for this assessment, but file not found"
 	}

go.mod

@@ -1,4 +1,4 @@
-module github.com/revanite-io/pvtr-github-rep
+module github.com/revanite-io/pvtr-github-repo
 
 go 1.25.1
 
@@ -8,10 +8,8 @@ require (
 	github.com/ossf/gemara v0.12.1
 	github.com/ossf/si-tooling/v2 v2.0.5-0.20250508212737-7ddcc8c43db9
 	github.com/privateerproj/privateer-sdk v1.10.0
-	github.com/revanite-io/pvtr-github-repo v0.12.0
 	github.com/rhysd/actionlint v1.7.8
 	github.com/shurcooL/githubv4 v0.0.0-20240727222349-48295856cce7
-	golang.org/x/oauth2 v0.32.0
 )
 
 require (
@@ -28,6 +26,7 @@ require (
 	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	go.yaml.in/yaml/v4 v4.0.0-rc.2 // indirect
+	golang.org/x/oauth2 v0.32.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
 )
 

go.sum

@@ -86,8 +86,6 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/privateerproj/privateer-sdk v1.10.0 h1:LlD8TxozQmx20N9jkuixTQIPSgSfxFrFbP38FivhADM=
 github.com/privateerproj/privateer-sdk v1.10.0/go.mod h1:eDst4232KyZd98dduG534GLxBfN1VtIZR6w5lUOiigY=
-github.com/revanite-io/pvtr-github-repo v0.12.0 h1:+Xae4WXDnc//wgClCLNawxj8J7tic5u9Zyqb9wu0/zg=
-github.com/revanite-io/pvtr-github-repo v0.12.0/go.mod h1:hi1Xyinxqk6wfC/DsqA+OWFmr5bwLSBuvlsbEzcTeaY=
 github.com/rhysd/actionlint v1.7.8 h1:3d+N9ourgAxVYG4z2IFxFIk/YiT6V+VnKASfXGwT60E=
 github.com/rhysd/actionlint v1.7.8/go.mod h1:3kiS6egcbXG+vQsJIhFxTz+UKaF1JprsE0SKrpCZKvU=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=