Bugfix: Resolve error on Mac OS X and sbt >= 1.4.0

Adam Cohen requested to merge 490805-fix-mac-os-x-sbt-bug into master

What does this MR do?

This MR fixes a bug that occurs when running the registry.gitlab.com/security-products/spotbugs Docker image (containing sbt >= 1.4.0) on Mac OS X, which results in spotbugs failing to produce a gl-sast-report.json and exiting with status code 2.

What are the relevant issue numbers?

spotbugs Docker image fails on Mac OS when usin... (gitlab-org/gitlab#490805 - closed) • Unassigned • 17.5

Testing

Tested on Mac OS X since it's not possible to reproduce this bug on CI.

Before this change:

Spotbugs fails with exit status 2 when scanning qa/fixtures/scala:

$ docker pull registry.gitlab.com/security-products/spotbugs:5.4.0
$ git clone git@gitlab.com:gitlab-org/security-products/analyzers/spotbugs.git && cd spotbugs
$ docker run -it --rm -v "$PWD/qa/fixtures/scala:/ci-project-dir" \
  -e CI_PROJECT_DIR=/ci-project-dir \
  -e SECURE_LOG_LEVEL=debug registry.gitlab.com/security-products/spotbugs:5.4.0

[INFO] [Spotbugs] [2024-09-18T00:49:42Z] [/go/src/app/project/builder.go:190] ▶ Building SBT project at /ci-project-dir.
<snip>
[FATA] [Spotbugs] [2024-09-18T00:50:01Z] [/go/src/app/main.go:35] ▶ exit status 2

After this change:

Spotbugs successfully scans qa/fixtures/scala:

$ docker pull registry.gitlab.com/gitlab-org/security-products/analyzers/spotbugs:490805-fix-mac-os-x-sbt-bug
$ git clone git@gitlab.com:gitlab-org/security-products/analyzers/spotbugs.git && cd spotbugs
$ docker run -it --rm -v "$PWD/qa/fixtures/scala:/ci-project-dir" \
  -e CI_PROJECT_DIR=/ci-project-dir \
  -e SECURE_LOG_LEVEL=debug registry.gitlab.com/gitlab-org/security-products/analyzers/spotbugs:490805-fix-mac-os-x-sbt-bug

[INFO] [Spotbugs] [2024-09-18T01:58:14Z] [/go/src/app/project/builder.go:190] ▶ Building SBT project at /ci-project-dir.

[DEBU] [Spotbugs] [2024-09-18T02:00:59Z] [/go/src/app/utils/utils.go:91] ▶ command: /opt/asdf/shims/sbt --info compile --batch -Dsbt.server.forcestart=true

<snip>

[INFO] [Spotbugs] [2024-09-18T02:00:59Z] [/go/src/app/project/builder.go:196] ▶ Project built.

<snip>

[INFO] [Spotbugs] [2024-09-18T02:01:19Z] [/go/src/app/analyze.go:207] ▶ SpotBugs analysis succeeded for /ci-project-dir!

[INFO] [Spotbugs] [2024-09-18T02:01:19Z] [/go/pkg/mod/gitlab.com/gitlab-org/security-products/analyzers/command/v3@v3.1.0/run.go:189] ▶ Creating report

Does this MR meet the acceptance criteria?

Edited by Adam Cohen