IaC secrets scan fails with "Error: File results.json does not exist" when vulnerability database is not available #60

Open
martinmigasiewicz-tomtom opened this issue Aug 15, 2024 · 1 comment

Comments

@martinmigasiewicz-tomtom

When running the Veracode IaC/Secrets Scanning workflow and the vulnerability database is not accessible, we get a strange results.json not found error:

Run veracode/container_iac_secrets_scanning@d368191f90c333e5467672cb4ad2510e7adf09cf
check if we run on a pull request
We don't run on a PR
Install command :cd ..;mkdir veracode-cli; cd veracode-cli; curl -fsS https://tools.veracode.com/veracode-cli/install | sh
#=#=#                                                                         

                                                                           0.0%
                                                                           0.1%
                                                                           0.5%
#                                                                          2.0%
####                                                                       6.4%
########                                                                  11.8%
#################                                                         24.1%
#########################                                                 35.9%
##################################                                        48.0%
###########################################                               60.0%
##################################################                        69.6%
##########################################################                81.7%
#####################################################################     96.1%
######################################################################## 100.0%
Installing Veracode CLI...
Checking prerequisites...
Downloading veracode-cli_2.29.0_linux_x86.tar.gz...
==> copying files into "/home/runner/_work/veracode/veracode-cli"

=============================== SUCCESS ========================================

The Veracode CLI is now installed!

If you do not have a Veracode API ID and Secret Key, navigate to 
https://analysiscenter.veracode.com/auth/index.jsp#APICredentialsGenerator
to generate your API credentials and then configure them against the
Veracode CLI using the following command:

/home/runner/_work/veracode/veracode-cli/veracode configure


Scan command :../veracode-cli/veracode scan --source ./ --type directory --format json --output results.json 
Could not load vulnerability database: unable to update vulnerability database: unable to download db: stream error: stream ID 1; INTERNAL_ERROR; received from peer

Scan command :../veracode-cli/veracode scan --source ./ --type directory --format table --output results.txt 

Scan command :../veracode-cli/veracode sbom --source ./ --type directory --format cyclonedx-xml --output sbom_cyclonedx_xml.xml 

Scan command :../veracode-cli/veracode sbom --source ./ --type directory --format cyclonedx-json --output sbom_cyclonedx_json.json 

Scan command :../veracode-cli/veracode sbom --source ./ --type directory --format spdx-tag-value --output sbom_spdx_tag_value.json 

Scan command :../veracode-cli/veracode sbom --source ./ --type directory --format spdx-json --output sbom_spdx_json.json 

Scan command :../veracode-cli/veracode sbom --source ./ --type directory --format github --output sbom_github.json 

Artifact name is valid!
Root directory input is valid!
All functions completed in parallel
/home/runner/_work/_actions/veracode/container_iac_secrets_scanning/d368191f90c333e5467672cb4ad2510e7adf09cf/dist/index.js:3721
            throw new Error(`File ${file} does not exist`);
                  ^

Error: File results.json does not exist
    at getUploadZipSpecification (/home/runner/_work/_actions/veracode/container_iac_secrets_scanning/d368191f90c333e5467672cb4ad2510e7adf09cf/dist/index.js:3721:19)
    at /home/runner/_work/_actions/veracode/container_iac_secrets_scanning/d368191f90c333e5467672cb4ad2510e7adf09cf/dist/index.js:3578:91
    at Generator.next (<anonymous>)
    at /home/runner/_work/_actions/veracode/container_iac_secrets_scanning/d368191f90c333e5467672cb4ad2510e7adf09cf/dist/index.js:3559:71
    at new Promise (<anonymous>)
    at __webpack_modules__.6219.__awaiter (/home/runner/_work/_actions/veracode/container_iac_secrets_scanning/d368191f90c333e5467672cb4ad2510e7adf09cf/dist/index.js:3555:12)
    at uploadArtifact (/home/runner/_work/_actions/veracode/container_iac_secrets_scanning/d368191f90c333e5467672cb4ad2510e7adf09cf/dist/index.js:3575:12)
    at DefaultArtifactClient.<anonymous> (/home/runner/_work/_actions/veracode/container_iac_secrets_scanning/d368191f90c333e5467672cb4ad2510e7adf09cf/dist/index.js:2092:61)
    at Generator.next (<anonymous>)
    at /home/runner/_work/_actions/veracode/container_iac_secrets_scanning/d368191f90c333e5467672cb4ad2510e7adf09cf/dist/index.js:2058:71
@veraakarthikbharadwaj
Contributor

The latest version of Veracode CLI should fix this problem. The Update CLI yml file inside this repo would auto download the latest version of Veracode CLI every day. Can you reverify if the above issue still exists by triggering an IaC scan again?
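
The failure reported in this thread, where a scanner error only surfaces later as an artifact-upload exception, can be caught by checking each expected output before upload. The following is an added example, not code from the Veracode action: `checkScanOutputs`, the step objects and the temporary directory are hypothetical, the sample files are constructed, and the commands and stderr text are copied from the log in the issue.

```javascript
// Added example (hypothetical names): verify scan outputs before artifact upload.
const fs = require('fs');
const os = require('os');
const path = require('path');

// steps: [{ command, output, stderr, required }], one entry per scan command.
// Returns the files that exist plus failures that name the scanner error,
// instead of letting the upload step throw "File ... does not exist".
function checkScanOutputs(workdir, steps) {
  const present = [];
  const failures = [];
  for (const step of steps) {
    let size = -1; // -1 means the file was never written
    try {
      size = fs.statSync(path.join(workdir, step.output)).size;
    } catch (err) {
      if (err.code !== 'ENOENT') throw err;
    }
    if (size > 0) {
      present.push(step.output);
      continue;
    }
    failures.push({
      output: step.output,
      command: step.command,
      reason: size === 0 ? 'empty' : 'missing',
      required: Boolean(step.required),
      stderr: (step.stderr || '').trim() || '(no stderr captured)',
    });
  }
  const blocking = failures.filter((f) => f.required);
  const message = blocking
    .map((f) => `scan output ${f.output} is ${f.reason}: ${f.stderr}`)
    .join('\n');
  // Fail closed: a required report that was never written is a failed scan.
  return { ok: blocking.length === 0, present, failures, message };
}

// Constructed sample: one SBOM file exists, results.json was never written.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'scan-'));
  fs.writeFileSync(path.join(dir, 'sbom_github.json'), '{"constructed":true}');
  const base = '../veracode-cli/veracode';
  const dbError = 'Could not load vulnerability database: unable to update vulnerability database: unable to download db: stream error: stream ID 1; INTERNAL_ERROR; received from peer';
  return checkScanOutputs(dir, [
    { command: `${base} scan --source ./ --type directory --format json --output results.json`, output: 'results.json', stderr: dbError, required: true },
    { command: `${base} sbom --source ./ --type directory --format github --output sbom_github.json`, output: 'sbom_github.json', required: false },
  ]);
}
```

A caller would upload only `present` and fail the job with `message` when `ok` is false, so an unavailable vulnerability database is reported as a failed scan rather than as a missing file.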
