Description
Original Issue: https://gitlab.opencode.de/l3montree/devguard-ci-components/-/issues/4
I have a couple of Kubernetes resources defined in my project under https://gitlab.opencode.de/ig-bvc/policy-entwicklung/richtlinien-umsetzung-stackrox/-/tree/dev/policies-as-code?ref_type=heads.
They are CRDs, but anyway I wanted to see if the IaC scanner would report anything.
But the IaC scan errors out when uploading the SARIF report. I guess this is because the scanner does not detect anything and thus does not create a SARIF file, which then cannot be uploaded. I have too little knowledge to debug devguard-scanner, so it is just a wild guess.
It would be great if this error could be handled, i.e. no upload if no file is there, with a warning or something, or a clear error that no IaC resources were found while scanning.
```
$ devguard-scanner iac --assetName="@opencode/projects/policy-entwicklung/assets/richtlinien-umsetzung-stackrox" --apiUrl="https://api.devguard.opencode.de" --token="$DEVGUARD_TOKEN" --path="$CI_PROJECT_DIR" --defaultRef="$CI_DEFAULT_BRANCH" --ref="$CI_COMMIT_REF_NAME" --isTag="$(if [ "$CI_COMMIT_TAG" != "" ]; then echo "true"; else echo "false"; fi)" --webUI=https://devguard.opencode.de
2:21PM INF commands/iac.go:38 Starting iac scanning path=/builds/ig-bvc/policy-entwicklung/richtlinien-umsetzung-stackrox
2:22PM INF commands/sarif.go:243 Completed code scan scannerID=iac
2:22PM INF commands/sarif.go:266 Uploading SARIF report scannerID=iac
Error: could not scan file: 400 Bad Request "invalid value (expected one of []interface {}{\"notApplicable\", \"pass\", \"fail\", \"review\", \"open\", \"informational\"}): \"\""
```
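
A pre-upload check of the kind the report asks for, as an added example that is not devguard-scanner code and not part of the original issue. It assumes the rejected field is SARIF `result.kind`, because the values listed in the 400 response are exactly the SARIF 2.1.0 `kind` enum; `checkSarif`, `sarifLog` and the sample reports are hypothetical names and constructed data.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Values listed in the 400 response; they match the SARIF 2.1.0 result.kind enum.
var allowedKinds = map[string]bool{"notApplicable": true, "pass": true,
	"fail": true, "review": true, "open": true, "informational": true}
var errNoResults = errors.New("SARIF report has no results, nothing to upload")

type sarifLog struct {
	Runs []struct {
		Results []struct {
			Kind *string `json:"kind"` // pointer: an omitted kind differs from ""
		} `json:"results"`
	} `json:"runs"`
}

// checkSarif (hypothetical helper) counts results and rejects disallowed kinds.
func checkSarif(data []byte) (int, error) {
	var doc sarifLog
	if err := json.Unmarshal(data, &doc); err != nil {
		return 0, fmt.Errorf("not valid SARIF JSON: %w", err)
	}
	n := 0
	for r, run := range doc.Runs {
		for i, res := range run.Results {
			if res.Kind != nil && !allowedKinds[*res.Kind] {
				return n, fmt.Errorf("runs[%d].results[%d].kind=%q is not allowed", r, i, *res.Kind)
			}
			n++
		}
	}
	if n == 0 {
		return 0, errNoResults
	}
	return n, nil
}

// Constructed sample reports, not output of devguard-scanner.
const sampleNoFindings = `{"version":"2.1.0","runs":[{"results":[]}]}`
const sampleEmptyKind = `{"version":"2.1.0","runs":[{"results":[{"ruleId":"EXAMPLE","kind":""}]}]}`

func main() {
	fmt.Println(checkSarif([]byte(sampleNoFindings)))
	fmt.Println(checkSarif([]byte(sampleEmptyKind)))
}
```

A caller can treat `errNoResults` as a warning and skip the upload, and turn any other error into a message that names the offending result instead of the bare 400.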