Add nil check for ScaResults when SCA scan is not performed in audit (#519)

Author: kerenr-jfrog

utils/results/common.go

@@ -80,6 +80,9 @@ func CheckIfFailBuild(auditResults *SecurityCommandResults) (bool, error) {
 func checkIfFailBuildConsideringApplicability(target *TargetResults, entitledForJas bool, shouldFailBuild *bool) error {
 	jasApplicabilityResults := target.JasResults.GetApplicabilityScanResults()
 
+	if target.ScaResults == nil {
+		return nil
+	}
 	// Get new violations from the target
 	newViolations := target.ScaResults.Violations
 

utils/results/common_test.go

@@ -169,6 +169,20 @@ func TestViolationFailBuild(t *testing.T) {
 			},
 			expectedResult: true, // Should fail because second target has a violation that should fail
 		},
+		{
+			name: "no sca results - build should not fail",
+			auditResults: &SecurityCommandResults{
+				EntitledForJas: true,
+				Targets: []*TargetResults{
+					{
+						ScanTarget: ScanTarget{Target: "test-target"},
+						ScaResults: nil,
+						JasResults: &JasScansResults{},
+					},
+				},
+			},
+			expectedResult: false,
+		},
 	}
 
 	for _, test := range tests {