SAST returns null instead of empty array
Summary
SAST generates a report containing `null` instead of an empty array when there are no vulnerabilities.
This causes the loading of the SAST report to fail in the Security tab of the pipelines.
Steps to reproduce
Create a project with a `sast` job in its CI configuration, but no SAST vulnerabilities.
Example Project
https://gitlab.com/gitlab-org/security-products/tests/js-npm/pipelines/43743195/security
What is the current bug behavior?
Generated `gl-sast-report.json` file contains `null`.
What is the expected correct behavior?
Generated `gl-sast-report.json` file contains `[]`.
Possible fixes
Since it's been fixed in common v2.1.2, we should probably:
- backport to common v1
- update SAST dependencies
- publish new version of SAST
It's possibly a regression introduced in %11.6.
/cc @plafoucriere
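The `null` versus `[]` difference described in this issue, as an added example that is not part of the original issue or the project's code. It assumes the report is produced by Go code serializing a nil slice; the `Issue` type and all function names are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Issue is a hypothetical, trimmed-down finding record (not the real report schema).
type Issue struct {
	Name string `json:"name"`
	File string `json:"file"`
}

// EncodeReport marshals the findings as-is. A nil slice (no findings) becomes "null".
func EncodeReport(issues []Issue) (string, error) {
	b, err := json.Marshal(issues)
	return string(b), err
}

// EncodeReportSafe substitutes an empty, non-nil slice so the output is "[]".
func EncodeReportSafe(issues []Issue) (string, error) {
	if issues == nil {
		issues = []Issue{}
	}
	return EncodeReport(issues)
}

// LoadReport is a tolerant consumer: it accepts "null" and "[]" alike and always
// returns a non-nil slice, while still rejecting JSON that is not an array.
func LoadReport(raw string) ([]Issue, error) {
	var issues []Issue
	if err := json.Unmarshal([]byte(raw), &issues); err != nil {
		return nil, err
	}
	if issues == nil {
		issues = []Issue{}
	}
	return issues, nil
}

func main() {
	var none []Issue // constructed input: a scan with no findings
	bad, _ := EncodeReport(none)
	good, _ := EncodeReportSafe(none)
	fmt.Println("as-is:", bad, "normalized:", good)
}
```
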