Skip to content

fix: resolve TypeError in SummaryReportPresenter (issue #108)#110

Merged
tembleking merged 4 commits into
masterfrom
fix/issue-108-scan-result-parsing
May 6, 2026
Merged

fix: resolve TypeError in SummaryReportPresenter (issue #108)#110
tembleking merged 4 commits into
masterfrom
fix/issue-108-scan-result-parsing

Conversation

@tembleking

Copy link
Copy Markdown
Member

Fixes the TypeError: Cannot read properties of undefined (reading 'name') crash in SummaryReportPresenter.getRulePkgMessage reported in #108.

The scan result JSON was being read by piping cat through @actions/exec stdout listeners. After upgrading the action runtime to Node.js 24, changes in stream/pipe error handling can cause incomplete stdout delivery for large files. Replace with fs.readFileSync since the scanner already writes to disk.

Additionally, scanner versions >= 1.25.0 introduced meta-packages (base OS distro, container image) in the JSON v1 output without layerRef/path fields. These were silently dropped, losing their vulnerabilities and any policy failures referencing them. The adapter now hydrates these packages with a nullable layer so they appear in policy failure reports.

The breaking change in the scanner output has been reported to the engineering team that maintains sysdig-cli-scanner for a proper fix on their side.

Closes #108

@tembleking tembleking requested a review from a team as a code owner May 6, 2026 13:07
tembleking added 4 commits May 6, 2026 15:26
The scan result JSON was read by shelling out to `cat` and capturing
stdout via @actions/exec listeners. Node.js 24 changed stream/pipe
error handling — errors previously swallowed silently now propagate,
which can cause incomplete stdout delivery for large JSON files.

Replace with fs.readFileSync since the scanner already writes to disk.
This eliminates the streaming/buffering layer entirely.

Closes #108
Remove non-null assertions (!) on packageRef/vulnerabilityRef lookups
in policy failure hydration. When a referenced package or vulnerability
cannot be resolved (e.g. incomplete scan result data), the failure is
skipped instead of passing undefined through to the presenter, which
would crash with TypeError: Cannot read properties of undefined.
Scanner v1.25.0 (SSPROD-61902) introduced meta-packages in the JSON v1
output representing the base OS distro and container image. These
entries lack layerRef and path fields, causing the adapter to skip them
entirely — losing their vulnerabilities and policy failure references.

Make Package.foundInLayer nullable so these packages can be hydrated.
They won't appear in "per layer" sections (they don't belong to any
layer) but will appear in policy failure reports.

Also bump the default cli-scanner-version to 1.26.0 (latest) to align
action.yml with SysdigCliScannerConstants.ts and README.md.

Ref: SSPROD-67963
@tembleking tembleking merged commit 607e6bc into master May 6, 2026
43 checks passed
@tembleking tembleking deleted the fix/issue-108-scan-result-parsing branch May 6, 2026 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

TypeError: Cannot read properties of undefined (reading 'name') in SummaryReportPresenter`

2 participants