Add null check to dependency_files comparison
What does this MR do?
SAST reports don't have dependency_files so we should allow this field to be nullified, see https://stedolan.github.io/jq/manual/
Fixes regression introduced with !150 (merged)
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
Edited by Lucas Charles