Security Report parser failure - Missing `location` attribute in dependency scanning vulnerability
`location` is a required property for vulnerability data, however it appears to be missing in some cases, breaking our ~"dependency scanning" parser. This should be investigated.
```ruby
def create_location(location_data)
  ::Gitlab::Ci::Reports::Security::Locations::DependencyScanning.new(
    file_path: location_data['file'],
    package_name: location_data.dig('dependency', 'package', 'name'),
    package_version: location_data.dig('dependency', 'version'))
end
```
https://sentry.gitlab.net/gitlab/gitlabcom/issues/740093/
```
NoMethodError: undefined method `[]' for nil:NilClass
  gitlab/ci/parsers/security/dependency_scanning.rb:16:in `create_location'
    file_path: location_data['file'],
  gitlab/ci/parsers/security/common.rb:53:in `create_vulnerability'
    location: create_location(data['location']),
  gitlab/ci/parsers/security/common.rb:15:in `block in parse!'
    create_vulnerability(report, vulnerability, report_data["version"])
  gitlab/ci/parsers/security/common.rb:14:in `each'
    collate_remediations(report_data).each do |vulnerability|
  gitlab/ci/parsers/security/common.rb:14:in `parse!'
    collate_remediations(report_data).each do |vulnerability|
...
(76 additional frame(s) were not displayed)
```
Edited by Olivier Gonzalez
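The failure in the trace above and one way to guard against it, as an added example that is not GitLab's code or its eventual fix: `location` is validated before `create_location` runs, so a finding without it is reported per item instead of raising and aborting the whole report. `Location`, `location_errors`, `parse_report`, the `vulnerabilities` key and the sample report are assumptions made for the illustration.

```ruby
require 'json'
# Hypothetical stand-in for the location value object named on the page.
Location = Struct.new(:file_path, :package_name, :package_version, keyword_init: true)

# Same field access as the page's create_location; raises NoMethodError on nil.
def create_location(location_data)
  Location.new(
    file_path: location_data['file'],
    package_name: location_data.dig('dependency', 'package', 'name'),
    package_version: location_data.dig('dependency', 'version'))
end

# Returns the problems found in a finding's location; empty when it is usable.
def location_errors(location_data)
  return ['location is missing'] if location_data.nil?
  return ["location must be an object, got #{location_data.class}"] unless location_data.is_a?(Hash)
  errors = []
  errors << 'location.file is missing' if location_data['file'].to_s.empty?
  dependency = location_data['dependency']
  if !dependency.is_a?(Hash)
    errors << 'location.dependency is missing'
  elsif !dependency['package'].is_a?(Hash) || dependency.dig('package', 'name').to_s.empty?
    errors << 'location.dependency.package.name is missing'
  end
  errors
end

# Parses every finding; invalid ones are recorded as errors, valid ones are kept.
# Assumes the findings sit under a top-level "vulnerabilities" array.
def parse_report(json)
  findings = JSON.parse(json).fetch('vulnerabilities', [])
  result = { locations: [], errors: [] }
  findings.each_with_index do |finding, index|
    problems = location_errors(finding['location'])
    if problems.empty?
      result[:locations] << create_location(finding['location'])
    else
      result[:errors] << "vulnerability #{index}: #{problems.join(', ')}"
    end
  end
  result
end

# Constructed sample report: the second finding has no location.
SAMPLE_REPORT = <<~JSON
  {"version": "2.0", "vulnerabilities": [
    {"location": {"file": "Gemfile.lock", "dependency": {"package": {"name": "nokogiri"}, "version": "1.8.0"}}},
    {"name": "finding without location"},
    {"location": {"file": "yarn.lock", "dependency": {"package": {"name": "lodash"}, "version": "4.17.0"}}}]}
JSON
```

Surfacing `result[:errors]` alongside the parsed findings keeps the two valid entries visible while still flagging that the report was incomplete.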