
Bugfix For Empty Vulnerabilities Output File When Vulnerabilities Exist

Nathan Lenz requested to merge nathanl75/nodejs-scan:master into master

What does this MR do?

It fixed a bug where the output file for nodejs-scan will always contain no vulnerabilities when vulnerabilities exist. In this section of code, err will be nil when there is no output to stderr from the cmd execution. This will not match the assertion that err is of type ExitError, causing ok to be false. Even if the cmd execution doesn't find any vulnerabilities, it will still create a file with the appropriate JSON. This means there is no need to create a new empty report file.

output, err := cmd.CombinedOutput()
log.Debugf("%s\n%s", cmd.String(), output)

if exitErr, ok := err.(*exec.ExitError); ok {
	if exitErr.Sys().(syscall.WaitStatus).ExitStatus() == 1 {
		return os.Open(reportPath)
	}
	return nil, exitErr
}

// no vulnerabilities found so return an empty njsscan report
return ioutil.NopCloser(bytes.NewReader([]byte(njsscanEmptyReport))), nil

What are the relevant issue numbers?

N/A

Does this MR meet the acceptance criteria?

Edited by Zach Rice
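The control flow described in this MR, as an added example that is not the project's code: with a nil err the `*exec.ExitError` assertion is false, so the quoted flow falls through to the empty report even though a report file was written. The `scan` function, the `sh` one-liner standing in for the scanner, the `REPORT` variable and the `emptyReport` value are all constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
)

const emptyReport = `{"findings":[]}` // constructed stand-in for njsscanEmptyReport

// scan runs a constructed stand-in scanner (a sh one-liner that always writes
// a one-finding report, then exits with exitCode) and returns the report the
// caller would parse. legacy=true reproduces the flow quoted in the MR.
func scan(exitCode int, legacy bool) (string, error) {
	dir, err := os.MkdirTemp("", "scan")
	if err != nil {
		return "", err
	}
	defer os.RemoveAll(dir)
	reportPath := filepath.Join(dir, "report.json")

	cmd := exec.Command("sh", "-c", fmt.Sprintf(`printf '{"findings":["x"]}' > "$REPORT"; exit %d`, exitCode))
	cmd.Env = append(os.Environ(), "REPORT="+reportPath)
	out, err := cmd.CombinedOutput()

	var exitErr *exec.ExitError
	if errors.As(err, &exitErr) && exitErr.ExitCode() != 1 {
		return "", fmt.Errorf("scanner exited %d: %s", exitErr.ExitCode(), out)
	}
	if err != nil && exitErr == nil {
		return "", err // the process could not be started at all
	}
	if err == nil && legacy {
		return emptyReport, nil // exit 0: the written report file is never read
	}
	data, err := os.ReadFile(reportPath)
	return string(data), err
}

func main() {
	for _, legacy := range []bool{true, false} {
		report, err := scan(0, legacy)
		fmt.Printf("legacy=%v report=%s err=%v\n", legacy, report, err)
	}
}
```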
