Failure in parsing package.resolved file in new DS Analyzer
Summary
Customer reports an issue with scanning their iOS project. They receive an error message (see ZD ticket) when the analyzer attempts to parse the package.resolved file.
Logs are contained in the Zendesk ticket linked above.
This issue has only been seen in user lockfiles that use internal library packages.
Follow up:
Steps to reproduce
Even though a user has Package.resolved files without URLs in their repo, it has not been reproduced on our side.
Proposal
If a URL is missing, fall back to the package name (lockfile version v1) or identity (v2).
Note
Because the full repo URL is used for both vulnerability and license scanning, packages missing the url will not be scanned. They will, however, show up in the Dependency List and ensure that a correct dependency graph is rendered.
Implementation plan
Update swift.packageName to use a fallback if location or repositoryURL is not found.
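The fallback proposed above, sketched in Go as an added example (this is not the analyzer's own code). `ParseNames`, `Dep` and both sample lockfiles are hypothetical and constructed for illustration; the example assumes the full URL is used as the name when present, and marks fallback names as not scannable, as the Note describes.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// JSON keys match case-insensitively: v1 pins use package/repositoryURL, v2 pins use identity/location.
type pin struct{ Package, RepositoryURL, Identity, Location string }
type lockfile struct {
	Version int
	Pins    []pin                // v2: top-level "pins"
	Object  struct{ Pins []pin } // v1: "object.pins"
}

// Dep is a hypothetical result type; Scannable is false for fallback names.
type Dep struct { Name string; Scannable bool }

// Constructed samples: one internal pin without a URL, one pin with a URL.
const sampleV1 = `{"version":1,"object":{"pins":[{"package":"InternalKit"},
 {"package":"Alamofire","repositoryURL":"https://github.com/Alamofire/Alamofire.git"}]}}`
const sampleV2 = `{"version":2,"pins":[{"identity":"internal-kit","location":""},
 {"identity":"alamofire","location":"https://github.com/Alamofire/Alamofire.git"}]}`

// ParseNames returns one Dep per pin, falling back when the URL is missing.
func ParseNames(data []byte) ([]Dep, error) {
	var lf lockfile
	if err := json.Unmarshal(data, &lf); err != nil {
		return nil, err
	}
	var deps []Dep
	for _, p := range append(lf.Pins, lf.Object.Pins...) {
		// Assumption: any version other than 1 is read with the v2 field names.
		url, fallback := p.Location, p.Identity
		if lf.Version == 1 {
			url, fallback = p.RepositoryURL, p.Package
		}
		switch {
		case url != "":
			deps = append(deps, Dep{url, true})
		case fallback != "":
			deps = append(deps, Dep{fallback, false}) // listed, but not scanned
		default:
			return nil, fmt.Errorf("v%d pin has neither URL nor name", lf.Version)
		}
	}
	return deps, nil
}

func main() { fmt.Println(ParseNames([]byte(sampleV1))) }
```

A pin with neither a URL nor a name is still rejected, so a malformed lockfile fails loudly instead of producing an empty dependency entry.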