Address PR comments.

internal/engine/eval/trusty/trusty.go

@@ -305,42 +305,74 @@ func getDependencyScore(
 		PackageVersion: &dep.Dep.Version,
 	}
 
-	respSummary, err := trustyClient.Summary(ctx, input)
-	if err != nil {
-		return nil, fmt.Errorf("failed getting summary: %w", err)
-	}
-
-	respPkg, err := trustyClient.PackageMetadata(ctx, input)
-	if err != nil {
-		return nil, fmt.Errorf("failed getting package metadata: %w", err)
-	}
-
-	respAlternatives, err := trustyClient.Alternatives(ctx, input)
-	if err != nil {
-		return nil, fmt.Errorf("failed getting alternatives: %w", err)
-	}
-
-	respProvenance, err := trustyClient.Provenance(ctx, input)
-	if err != nil {
-		return nil, fmt.Errorf("failed getting provenance: %w", err)
+	summary := make(chan *trustytypes.PackageSummaryAnnotation, 1)
+	metadata := make(chan *trustytypes.TrustyPackageData, 1)
+	alternatives := make(chan *trustytypes.PackageAlternatives, 1)
+	provenance := make(chan *trustytypes.Provenance, 1)
+	errors := make(chan error)
+
+	defer func() {
+		close(summary)
+		close(metadata)
+		close(alternatives)
+		close(provenance)
+		close(errors)
+	}()
+
+	go func() {
+		resp, err := trustyClient.Summary(ctx, input)
+		errors <- err
+		summary <- resp
+	}()
+
+	go func() {
+		resp, err := trustyClient.PackageMetadata(ctx, input)
+		errors <- err
+		metadata <- resp
+	}()
+
+	go func() {
+		resp, err := trustyClient.Alternatives(ctx, input)
+		errors <- err
+		alternatives <- resp
+	}()
+
+	go func() {
+		resp, err := trustyClient.Provenance(ctx, input)
+		errors <- err
+		provenance <- resp
+	}()
+
+	// Beware of the magic number 4, which is the number of
+	// asynchronous calls fired in the previous lines. This must
+	// be kept in sync.
+	for i := 0; i < 4; i++ {
+		err := <-errors
+		if err != nil {
+			return nil, fmt.Errorf("Trusty call failed: %w", err)
+		}
 	}
+	respSummary := <-summary
+	respPkg := <-metadata
+	respAlternatives := <-alternatives
+	respProvenance := <-provenance
 
 	res := makeTrustyReport(dep,
-		respSummary,
-		respPkg,
-		respAlternatives,
-		respProvenance,
+		*respSummary,
+		*respPkg,
+		*respAlternatives,
+		*respProvenance,
 	)
 
 	return res, nil
 }
 
 func makeTrustyReport(
 	dep *pbinternal.PrDependencies_ContextualDependency,
-	respSummary *trustytypes.PackageSummaryAnnotation,
-	respPkg *trustytypes.TrustyPackageData,
-	respAlternatives *trustytypes.PackageAlternatives,
-	respProvenance *trustytypes.Provenance,
+	respSummary trustytypes.PackageSummaryAnnotation,
+	respPkg trustytypes.TrustyPackageData,
+	respAlternatives trustytypes.PackageAlternatives,
+	respProvenance trustytypes.Provenance,
 ) *trustyReport {
 	res := &trustyReport{
 		PackageName:    dep.Dep.Name,
@@ -364,21 +396,13 @@ func makeTrustyReport(
 	return res
 }
 
-func addSummaryDetails(res *trustyReport, resp *trustytypes.PackageSummaryAnnotation) {
-	if resp == nil {
-		return
-	}
-
+func addSummaryDetails(res *trustyReport, resp trustytypes.PackageSummaryAnnotation) {
 	res.Score = resp.Score
 	res.ActivityScore = resp.Description.Activity
 	res.ProvenanceScore = resp.Description.Provenance
 }
 
-func addMetadataDetails(res *trustyReport, resp *trustytypes.TrustyPackageData) {
-	if resp == nil {
-		return
-	}
-
+func addMetadataDetails(res *trustyReport, resp trustytypes.TrustyPackageData) {
 	res.IsDeprecated = resp.IsDeprecated != nil && *resp.IsDeprecated
 	res.IsArchived = resp.Archived != nil && *resp.Archived
 }
@@ -456,23 +480,15 @@ func makeAlternatives(
 func makeMaliciousDetails(
 	maliciousInfo *trustytypes.PackageMaliciousPayload,
 ) *malicious {
-	if maliciousInfo == nil {
-		return nil
-	}
-
 	return &malicious{
 		Summary: maliciousInfo.Summary,
 		Details: preprocessDetails(maliciousInfo.Details),
 	}
 }
 
 func makeProvenance(
-	resp *trustytypes.Provenance,
+	resp trustytypes.Provenance,
 ) *provenance {
-	if resp == nil {
-		return nil
-	}
-
 	prov := &provenance{}
 	if resp.Historical.Overlap != 0 {
 		prov.Historical = &historicalProvenance{