Skip to content

Return None for vulnerable_dependencies when SBOM is missing #110

Description

@ashsong-nv

Currently the vulnerable dependency check is skipped when the SBOM is missing or empty. However, this returns empty vulnerable_sbom_packages by default which can lead to ambiguity about whether there were no vulnerable packages, or whether VDC was skipped. This issue is for returning None for the parent vulnerable_dependencies field to match behavior in PR #109 when the VDC is skipped.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions