Do not fail if dependencies can't be detected due to network failure
If there is a network failure, the `dependency_cves` variable can be an unset variable. This will cause the `cve_count` variable to be undefined too (because `jq`'s `length` function won't default to `0`), and since we only check for equality with `0`, this will result in the dependency being marked as `Vulnerable`.
Example pipelines: https://dev.gitlab.org/gitlab/omnibus-gitlab/-/jobs/7182470, https://dev.gitlab.org/gitlab/omnibus-gitlab/-/jobs/7181559
Edited by Balasankar 'Balu' C
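
The failure mode described above, as an added example that is not code from omnibus-gitlab: the function names and sample inputs are constructed, and only `dependency_cves`, `cve_count` and the use of `jq`'s `length` come from the description. It contrasts an equality-only check with one that treats a missing count as "no data" rather than as a finding.

```shell
#!/bin/sh
# Added illustration; classify_naive, classify_checked and count_cves are
# hypothetical names, not functions from the project's scanning script.

# Count entries in a JSON array response. When the lookup failed and the
# response is empty, nothing is printed, so the caller's count stays empty.
count_cves() {
    dependency_cves=$1
    [ -n "$dependency_cves" ] || return 0
    printf '%s' "$dependency_cves" | jq 'length'
}

# Equality-only check: every value other than the literal "0" is reported
# as vulnerable, including an empty count from a failed lookup.
classify_naive() {
    cve_count=$1
    if [ "$cve_count" = "0" ]; then
        echo "ok"
    else
        echo "vulnerable"
    fi
}

# Checked variant: an empty or non-numeric count means the lookup produced
# no usable data, which is kept separate from "zero CVEs" and "CVEs found".
classify_checked() {
    cve_count=$1
    case "$cve_count" in
        '' | *[!0-9]*) echo "unknown" ;;
        0)             echo "ok" ;;
        *)             echo "vulnerable" ;;
    esac
}

# Constructed sample counts: failed lookup (empty), clean, and two findings.
for sample in "" 0 2; do
    printf 'cve_count=[%s] naive=%s checked=%s\n' \
        "$sample" "$(classify_naive "$sample")" "$(classify_checked "$sample")"
done
```

A caller can then skip or retry dependencies classified as `unknown` instead of failing the job on them.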