Fix bug - Short circuit when no dependabot alerts exist!

advanced-security / dependabot-epss-action

Action to detect if any open :dependabot: Dependabot alert CVEs exceed an EPSS threshold and fail the workflow.

MIT License

2 stars 1 forks source link

Fix bug - Short circuit when no dependabot alerts exist! #4

Closed leonsparrowJM closed 2 months ago

leonsparrowJM commented 2 months ago

This is a fix for:

SecDevOps---CondaDependabot Dependabot CVEs Count: 0 ForEach-Object: /home/runner/work/_actions/advanced-security/dependabot-epss-action/v0/action.ps1:136 Line | 136 | … = $Dependabot_AlertsCVEs | ForEach-Object { $epssHash[$] } | Where … | ~~~~~~~~ | Index operation failed; the array index evaluated to null. Error: Process completed with exit code 1.

To stop the process from erroring out if no CVEs exist.

leonsparrowJM commented 2 months ago

addresses #3

leonsparrowJM commented 2 months ago

Aye, it would be nice to cover all the repos in our org with this safety check, some are very small repos.