Dependency Scanning returns null instead of empty array
Summary
Dependency Scanning generates a report containing null instead of an empty array when there are no vulnerabilities.
This causes the loading of the Dependency Scanning report to fail in the Security tab of the pipelines.
This issue is the counterpart of #9290 (closed) for ~"dependency scanning".
Steps to reproduce
Create a project with a dependency_scanning job in its CI configuration, but no Dependency Scanning vulnerabilities.
Example Project
https://gitlab.com/gitlab-org/security-products/tests/webgoat/-/jobs/143762507
What is the current bug behavior?
Generated gl-dependency-scanning-report.json file contains null.
What is the expected correct behavior?
Generated gl-dependency-scanning-report.json file contains [].
Possible fixes
This issue has been fixed in %11.7 but not backported to %11.6.
There's no automatic backport because dependency-scanning:11-7-stable is based on Dependency Scanning v2
(currently master branch) whereas dependency-scanning:11-6-stable is based on DS 1.x (v1 branch).
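A check that tells the buggy `null` report apart from the expected `[]`, as an added example that is not part of the original issue or of GitLab's code. It assumes the report is a top-level JSON array of objects, as the expected `[]` implies; the names `load_report`, `check` and `ReportFormatError` are hypothetical.

```python
import json

REPORT_NAME = "gl-dependency-scanning-report.json"  # artifact name from the issue


class ReportFormatError(ValueError):
    """Raised when the report is not a JSON array of objects."""


def load_report(text, tolerate_null=False):
    """Parse report text and return the list of vulnerabilities.

    Assumption: the report is a top-level JSON array (the issue gives `[]`
    as the correct empty report). A top-level `null` is the bug described
    above; it is rejected unless tolerate_null is set, in which case it is
    normalised to an empty list.
    """
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ReportFormatError(f"{REPORT_NAME}: invalid JSON: {exc}") from exc
    if data is None:
        if tolerate_null:
            return []
        raise ReportFormatError(f"{REPORT_NAME}: top-level null, expected []")
    if not isinstance(data, list):
        raise ReportFormatError(
            f"{REPORT_NAME}: top-level {type(data).__name__}, expected array")
    for i, item in enumerate(data):
        if not isinstance(item, dict):
            raise ReportFormatError(f"{REPORT_NAME}: entry {i} is not an object")
    return data


def check(text):
    """Return (ok, message) for use as a CI gate."""
    try:
        n = len(load_report(text))
    except ReportFormatError as exc:
        return False, str(exc)
    return True, f"{REPORT_NAME}: {n} vulnerabilities"


if __name__ == "__main__":
    # Constructed sample report bodies, not taken from a real job.
    for sample in ("null", "[]", '[{"message": "constructed entry"}]', "{}"):
        print(repr(sample), "->", check(sample))
```

Failing the job on `null` keeps a report that cannot be loaded from being mistaken for a clean scan; `tolerate_null=True` is for consumers that must keep reading reports from the unpatched 11.6 image.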