Merge pull request #103 from exasol/kaklakariada/issue102

doc/changelog.rst

@@ -6,6 +6,10 @@
 Unreleased
 ==========
 
+🐞 Fixed
+--------
+* Fix failing vulnerability issue creator when Maven report does not contain "vulnerable" entry
+
 🔧 Changed
 ----------
 

exasol/toolbox/tools/security.py

@@ -87,7 +87,7 @@ def gh_security_issues() -> Generator[Tuple[str, str], None, None]:
 def from_maven(report: str) -> Iterable[Issue]:
     # Note: Consider adding warnings if there is the same cve with multiple coordinates
     report = json.loads(report)
-    dependencies = report["vulnerable"]  # type: ignore
+    dependencies = report.get("vulnerable", {})  # type: ignore
     for _, dependency in dependencies.items():  # type: ignore
         for v in dependency["vulnerabilities"]:  # type: ignore
             references = [v["reference"]] + v["externalReferences"]

test/unit/security_test.py

@@ -354,3 +354,8 @@ def test_convert_maven_input(maven_report):  # pylint: disable=redefined-outer-n
     }
     actual = set(security.from_maven(maven_report))
     assert actual == expected
+
+
+def test_convert_maven_input_no_vulnerable():  # pylint: disable=redefined-outer-name
+    actual = set(security.from_maven("{}"))
+    assert len(actual) == 0