Results difference

[joejstuart]

The results differed between validate image and the fallback validate image used in validate vsa.
The root cause was when validating the identifier is not a file, the "latest" tag was
appended to the image ref, so it always fell back to the latest image pushed.

This was fixed and the validation code has been simplified.

Assisted by: Claude Sonnet

[codecov]

Codecov Report

❌ Patch coverage is 16.66667% with 5 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
cmd/validate/vsa.go	0.00%	5 Missing ⚠️

Flag	Coverage Δ
generative	68.80% <16.66%> (-0.02%)	⬇️
integration	68.80% <16.66%> (-0.02%)	⬇️
unit	68.80% <16.66%> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
internal/validate/vsa/fallback.go	37.33% <100.00%> (ø)
internal/validate/vsa/vsa.go	58.94% <ø> (-2.91%)	⬇️
cmd/validate/vsa.go	46.20% <0.00%> (+1.05%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[simonbaird]

I don't understand it well, but let's merge see how we go.