Merge Request Security widget is failing when no vulnerabilities are found
Summary
Spotted by @ayufan, the Security Widget will fail if at least one of the report is empty.
Steps to reproduce
- Run
dependency_scanning
job on a project without vulnerabilities - Create a MR on a branch with or without vulnerabilities
- Open the Security Widget --> Dependency scanning: Loading resulted in an error
Example Project
https://staging.gitlab.com/secure-team-test/yarn-remediation
What is the current bug behavior?
"Dependency scanning: Loading resulted in an error", because vulnerabilities
is null in the artifact.
What is the expected correct behavior?
Dependency scanning loading correctly.
Possible fixes
Root cause of bug is fixed already: gitlab-org/security-products/analyzers/common@34fb051d
Now we need to update the analyzers to use common@v2.0.2
.