Security Report parser failure - Missing `location` attribute in dependency scanning vulnerability

`location` is a required property for vulnerability data; however, it appears to be missing in some cases, breaking our ~"dependency scanning" parser. This should be investigated.

https://gitlab.com/gitlab-org/gitlab-ee/blob/11-11-stable-ee/ee/lib/gitlab/ci/parsers/security/dependency_scanning.rb#L16

```ruby
def create_location(location_data)
  ::Gitlab::Ci::Reports::Security::Locations::DependencyScanning.new(
    file_path: location_data['file'],
    package_name: location_data.dig('dependency', 'package', 'name'),
    package_version: location_data.dig('dependency', 'version'))
end
```

https://sentry.gitlab.net/gitlab/gitlabcom/issues/740093/

```
NoMethodError: undefined method `[]' for nil:NilClass
  gitlab/ci/parsers/security/dependency_scanning.rb:16:in `create_location'
    file_path: location_data['file'],
  gitlab/ci/parsers/security/common.rb:53:in `create_vulnerability'
    location: create_location(data['location']),
  gitlab/ci/parsers/security/common.rb:15:in `block in parse!'
    create_vulnerability(report, vulnerability, report_data["version"])
  gitlab/ci/parsers/security/common.rb:14:in `each'
    collate_remediations(report_data).each do |vulnerability|
  gitlab/ci/parsers/security/common.rb:14:in `parse!'
    collate_remediations(report_data).each do |vulnerability|
...
(76 additional frame(s) were not displayed)
```

Edited Jun 06, 2019 by Olivier Gonzalez
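
The failure in the trace above can be reproduced outside GitLab, alongside one way to tolerate an entry that has no `location`. This is an added example, not code from the issue or from the GitLab code base; `Location`, `create_location_checked`, `parse_report` and the sample report are hypothetical names and constructed data.

```ruby
require 'json'

# Hypothetical stand-in for Locations::DependencyScanning.
Location = Struct.new(:file_path, :package_name, :package_version, keyword_init: true)

# Same access pattern as the snippet above: raises NoMethodError on nil.
def create_location_unchecked(location_data)
  Location.new(
    file_path: location_data['file'],
    package_name: location_data.dig('dependency', 'package', 'name'),
    package_version: location_data.dig('dependency', 'version'))
end

# Checked variant (assumption, not the project's fix): returns nil when the
# entry has no usable `location` object instead of raising.
def create_location_checked(location_data)
  return nil unless location_data.is_a?(Hash)

  dependency = location_data['dependency']
  dependency = {} unless dependency.is_a?(Hash)
  package = dependency['package']
  Location.new(
    file_path: location_data['file'],
    package_name: package.is_a?(Hash) ? package['name'] : nil,
    package_version: dependency['version'])
end

# Parses every entry; malformed ones are reported, not fatal to the whole report.
def parse_report(json)
  parsed, rejected = [], []
  JSON.parse(json).fetch('vulnerabilities', []).each_with_index do |vuln, index|
    location = create_location_checked(vuln.is_a?(Hash) ? vuln['location'] : nil)
    if location
      parsed << location
    else
      rejected << "vulnerabilities[#{index}]: missing or invalid location"
    end
  end
  { parsed: parsed, rejected: rejected }
end

# Constructed sample report: the second entry lacks `location`.
SAMPLE_REPORT = <<~JSON
  {"version": "2.0", "vulnerabilities": [
    {"name": "constructed finding A",
     "location": {"file": "Gemfile.lock",
                  "dependency": {"package": {"name": "example-gem"}, "version": "1.2.3"}}},
    {"name": "constructed finding B"}
  ]}
JSON
```

Keeping the rejected entries in the result means a report with one malformed finding still yields the valid findings, and the gap stays visible instead of being silently dropped.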