
Do not fail if dependencies can't be detected due to network failure

Balasankar 'Balu' C requested to merge handle-network-failures into master

If there is a network failure, the dependency_cves variable can be unset. This will cause the cve_count variable to be undefined too (because jq's length function won't default to 0), and since we only check for equality with 0, this will result in the dependency being marked as Vulnerable.

Example pipelines: https://dev.gitlab.org/gitlab/omnibus-gitlab/-/jobs/7182470, https://dev.gitlab.org/gitlab/omnibus-gitlab/-/jobs/7181559

Edited by Balasankar 'Balu' C
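
The failure mode described above, as an added shell sketch that is not the merge request's own code: the function names, the string comparison used for the "before" check, and the sample JSON are assumptions made for illustration; only `dependency_cves`, `cve_count` and jq's `length` come from the description.

```shell
#!/bin/sh
# Added illustration; function names and sample data are constructed.

# Count the entries of a JSON array of CVEs with jq's length.
# Prints nothing (not 0) when the input is empty, which is what happens
# when the lookup never returned a body because of a network failure.
count_cves() {
  printf '%s' "${1:-}" | jq 'length' 2>/dev/null || true
}

# "Before" behaviour: only equality with 0 is checked, so an empty
# cve_count falls through to the vulnerable branch.
status_naive() {
  if [ "${1:-}" = "0" ]; then
    echo "ok"
  else
    echo "vulnerable"
  fi
}

# Three-state check: a count that is not a non-negative integer means the
# lookup itself failed, so it is reported as "unknown", not as a finding.
status_checked() {
  case "${1:-}" in
    '' | *[!0-9]*) echo "unknown"; return 0 ;;
  esac
  if [ "$1" -eq 0 ]; then
    echo "ok"
  else
    echo "vulnerable"
  fi
}

# Constructed samples: clean result, two findings, unset variable.
for dependency_cves in '[]' '[{"id":"CVE-EXAMPLE-1"},{"id":"CVE-EXAMPLE-2"}]' ''; do
  cve_count=$(count_cves "$dependency_cves")
  echo "cve_count='${cve_count}' naive=$(status_naive "$cve_count") checked=$(status_checked "$cve_count")"
done
```

The third sample is the case the merge request addresses: the naive check reports a vulnerable dependency, while the three-state check lets the caller skip it without failing the job.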
