Secret Analyzer fails when no leak in repo
Summary
The Secrets Analyzer for GitLab SAST fails when no secrets are detected.
The issue originates from Gitleaks integration.
Steps to reproduce
Run SAST against a project that doesn't leak any secret.
What is the current bug behavior?
The Secret Analyzer fails when trying to parse the output of Gitleaks:
Couldn't parse the Gitleaks report: EOF
Gitleaks analysis failed: EOF
What is the expected correct behavior?
It should pass and report no vulnerabilities.
Relevant logs and/or screenshots
https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/jobs/173149604
The bug was present prior to the code refactoring:
https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/jobs/173158926
Possible fixes
Don't parse the output of gitleaks when the exit code is 0; there's no such output in that case.
See https://github.com/zricethezav/gitleaks/blob/v1.24.0/main.go#L353
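The following Go snippet is an added illustration of the proposed fix, not code from the secrets analyzer itself. It contrasts the failing behaviour (always decoding Gitleaks' stdout, which yields an EOF error from the JSON decoder when the output is empty) with a version that only parses a report when Gitleaks exits non-zero. The Leak struct fields, the exit-code constant and the sample report are assumptions made for the example; the actual Gitleaks v1.24.0 report layout and exit codes should be checked against the linked source.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Leak is an assumed subset of the fields in a Gitleaks v1 JSON report entry.
type Leak struct {
	Line   string `json:"line"`
	Commit string `json:"commit"`
	Rule   string `json:"rule"`
	File   string `json:"file"`
}

// exitCodeNoLeaks is the exit status the page describes: Gitleaks exits 0
// and writes no report when the repository contains no secrets.
const exitCodeNoLeaks = 0

// parseReportNaive reproduces the bug: it always decodes the output stream.
// On an empty stream json.Decoder returns io.EOF, which surfaces as
// "Couldn't parse the Gitleaks report: EOF".
func parseReportNaive(output io.Reader) ([]Leak, error) {
	var leaks []Leak
	if err := json.NewDecoder(output).Decode(&leaks); err != nil {
		return nil, fmt.Errorf("Couldn't parse the Gitleaks report: %w", err)
	}
	return leaks, nil
}

// parseReport is the fixed version: an exit code of 0 means "no leaks and no
// report", so it returns an empty finding list without touching the stream.
// Any other exit code is expected to come with a JSON report; an empty stream
// in that case is a real failure and is reported as such rather than hidden.
func parseReport(exitCode int, output io.Reader) ([]Leak, error) {
	if exitCode == exitCodeNoLeaks {
		return []Leak{}, nil
	}
	var leaks []Leak
	err := json.NewDecoder(output).Decode(&leaks)
	if errors.Is(err, io.EOF) {
		return nil, fmt.Errorf("Gitleaks exited with %d but produced no report", exitCode)
	}
	if err != nil {
		return nil, fmt.Errorf("Couldn't parse the Gitleaks report: %w", err)
	}
	return leaks, nil
}

// sampleReport is a constructed report, not real Gitleaks output.
const sampleReport = `[{"line":"token = \"EXAMPLE\"","commit":"abc123","rule":"Generic Credential","file":"config.yml"}]`

func main() {
	// Clean repository: Gitleaks exits 0 with empty stdout.
	if _, err := parseReportNaive(strings.NewReader("")); err != nil {
		fmt.Println("naive:", err) // the bug from the job log
	}
	leaks, err := parseReport(exitCodeNoLeaks, strings.NewReader(""))
	fmt.Printf("fixed: %d leaks, err=%v\n", len(leaks), err)

	// Leaky repository: non-zero exit code (value assumed) plus a JSON report.
	leaks, err = parseReport(1, strings.NewReader(sampleReport))
	fmt.Printf("fixed: %d leaks, err=%v\n", len(leaks), err)
}
```

The check on the exit code has to happen before any read of stdout; once the decoder has consumed an empty stream, the only information left is the EOF error, which cannot be distinguished from a truncated report.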
This is not a regression because this analyzer was introduced in %11.9, which has not yet been published.