make the trivy parser not error out when receiving an empty file

Author: northdpole

components/scanners/trivy/internal/transformer/transformer.go

@@ -126,7 +126,10 @@ func (g *trivyTransformer) Transform(ctx context.Context) ([]*ocsf.Vulnerability
 		}
 		return nil, errors.Errorf("failed to read raw output file '%s': %w", g.rawOutFilePath, err)
 	}
-
+	if len(b) == 0 {
+		logger.Info("input file is empty, exiting without findings")
+		return []*ocsf.VulnerabilityFinding{}, nil
+	}
 	var report sarifschemav210.SchemaJson
 	if err := report.UnmarshalJSON(b); err != nil {
 		return nil, errors.Errorf("failed to parse raw trivy output: %w", err)

components/scanners/trivy/internal/transformer/transformer_test.go

@@ -3,6 +3,7 @@ package transformer_test
 import (
 	"context"
 	_ "embed"
+	"os"
 	"testing"
 	"time"
 
@@ -222,4 +223,20 @@ func TestTrivyTransformer_Transform(t *testing.T) {
 			assert.NotNilf(t, affectedCode.EndLine, "Unexpected nil end line for vulnerability for finding %d", idx)
 		}
 	})
+	t.Run("it should return an empty finding array when the input file is empty", func(t *testing.T) {
+		emptyFilePath := "./testdata/empty_trivy.sarif.json"
+		require.NoError(t, os.WriteFile(emptyFilePath, []byte{}, 0644))
+		defer func() { require.NoError(t, os.Remove(emptyFilePath)) }()
+
+		ocsfTransformer, err := transformer.New(
+			transformer.TrivyRawOutFilePath(emptyFilePath),
+			transformer.TrivyTransformerWithTarget(transformer.TargetTypeContainer),
+			transformer.TrivyTransformerWithClock(clock),
+		)
+		require.NoError(t, err)
+
+		findings, err := ocsfTransformer.Transform(ctx)
+		require.NoError(t, err)
+		assert.Empty(t, findings, "Expected no findings for an empty input file")
+	})
 }