enricher-aggregator fails if there are no findings - Githubissues

ocurity / dracon

Security scanning & static analysis tool - forked and rewritten from @thought-machine/dracon

https://smithy.security

Apache License 2.0

73 stars 12 forks source link

enricher-aggregator fails if there are no findings #175

Closed linear[bot] closed 2 months ago

linear[bot] commented 4 months ago

The enricher-aggregator fails if there are no enriched findings, or in general, no findings. It shouldn't fail the whole pipeline.

It fails, because the previous enrichers had nothing to enrich, and as such, the enriched output file path doesn't exist:

https://github.com/ocurity/dracon/blob/ca533cd86b19648d372a727c7261e699c4e23dd6/pkg/putil/load.go#L98-L99

Desired Result

Enrichers should always write results
If there are no findings, an empty enriched results with 0 findings should be written
~~Ensure we can somewhat enforce this, i.e. during development etc. a warning is raised if you don't always write~~
- ~~e.g. via a hook?~~
- ~~e.g. via a semgrep rule?~~
- -> This will be tackled later, as part of an improved SDK
Switch over all existing enrichers to follow this principle

Follow-Up

[X] Go through all other stages (producers, source) and check they also always write something