Currently if the SBOM information is missing or empty, the default behavior is to skip the vulnerable dependency check and skip the agent. However, some users might want to configure the behavior, for example running the agent anyway. This issue is for exposing a config to customize the workflow behavior for missing/empty SBOMs.
Currently if the SBOM information is missing or empty, the default behavior is to skip the vulnerable dependency check and skip the agent. However, some users might want to configure the behavior, for example running the agent anyway. This issue is for exposing a config to customize the workflow behavior for missing/empty SBOMs.