Remove dangling scans even if there are no scannable sboms
What does this MR do and why?
There is a flaw in the remove_dangling_dependency_scans logic where it
is only executed if the pipeline contains at least one SBoM with
dependency_scanning results. This means that if none of the SBoMs can be
used to generate a security report, we end up with scans stuck in the
created state. This change fixes the issue by always removing dangling
scan records.
References
- Relates to: #576248 (closed)
- Partially fixes: #580826
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Olivier Gonzalez