diff --git a/src/macaron/provenance/provenance_verifier.py b/src/macaron/provenance/provenance_verifier.py
index 43ed2a348..180bc808f 100644
--- a/src/macaron/provenance/provenance_verifier.py
+++ b/src/macaron/provenance/provenance_verifier.py
@@ -173,21 +173,24 @@ def verify_ci_provenance(analyze_ctx: AnalyzeContext, ci_info: CIInfo, download_
 # Iterate through the subjects and verify.
 for subject in provenance.payload.statement["subject"]:
+ logger.info("Subject: %s", subject)
 sub_asset = _find_subject_asset(subject, all_assets, download_path, ci_service)
+ logger.info("Sub_asset: %s", sub_asset)
 if not sub_asset:
- logger.debug("Sub asset not found for: %s.", provenance.payload.statement["subject"])
+ logger.info("Sub asset not found for: %s.", provenance.payload.statement["subject"])
 return False
+ logger.info("Sub_asset: %s", sub_asset["name"])
 if not Path(download_path, sub_asset["name"]).is_file():
 if "size" in sub_asset and sub_asset["size"] > defaults.getint(
 "slsa.verifier", "max_download_size", fallback=1000000
 ):
- logger.debug("Sub asset too large to verify: %s", sub_asset["name"])
+ logger.info("Sub asset too large to verify: %s", sub_asset["name"])
 return False
 if "url" in sub_asset and not ci_service.api_client.download_asset(
 sub_asset["url"], os.path.join(download_path, sub_asset["name"])
 ):
- logger.debug("Sub asset not found: %s", sub_asset["name"])
+ logger.info("Sub asset not found: %s", sub_asset["name"])
 return False
 sub_verified = _verify_slsa(
@@ -199,6 +202,7 @@ def verify_ci_provenance(analyze_ctx: AnalyzeContext, ci_info: CIInfo, download_
 )
 if not sub_verified:
+ logger.info("Sub asset not verified: %s", sub_asset["name"])
 return False
 if sub_verified:
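Review bot: The added `logger.info("Sub_asset: %s", sub_asset)` writes the whole asset record to the info log, including the `url` field that the download branch reads further down, and a second `Sub_asset` line three lines later logs the name again. I would keep a single `logger.debug("Sub asset: %s", sub_asset["name"])` placed after the `if not sub_asset` check. `subject` and the asset name come from the provenance and release metadata being verified, so they are untrusted text; now that they are promoted from debug to info here and in the second hunk, formatting them with `%r` rather than `%s` keeps an embedded newline from producing a forged log line. The retained "Sub asset not found for" message also still prints the full `provenance.payload.statement["subject"]` list instead of the current `subject`. The loop body continues outside the hunk.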
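Review bot: The added `logger.info("Sub asset not verified: %s", ...)` reports a failed SLSA check at the same level and in the same wording style as the "too large" and "not found" skips in the first hunk, and all three paths return False. A subject that was downloaded and then failed `_verify_slsa` is the outcome someone triaging a possibly tampered artifact needs to find, so I would separate it from the skips with `logger.warning("SLSA verification failed for sub asset: %r", sub_asset["name"])`. The `_verify_slsa` call and the rest of the function lie outside the hunk, so whether the reason is already logged there cannot be seen from here.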