From 5cf57382cc75cbb6ad545d1dea39ea12ada5f914 Mon Sep 17 00:00:00 2001
From: Eran Turgeman <erant@jfrog.com>
Date: Sun, 17 May 2026 16:27:30 +0300
Subject: [PATCH] fix nil pointer issue

---
 policy/enforcer/policyenforcer.go | 2 +-
 utils/results/results.go          | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/policy/enforcer/policyenforcer.go b/policy/enforcer/policyenforcer.go
index 279ed46b0..43c68cb61 100644
--- a/policy/enforcer/policyenforcer.go
+++ b/policy/enforcer/policyenforcer.go
@@ -264,7 +264,7 @@ func locateBomVulnerabilityInfo(cmdResults *results.SecurityCommandResults, issu
 				if affected.Ref == impactedComponent.BOMRef {
 					// Found the relevant component in a vulnerability
 					relevantVulnerability = &vulnerability
-					contextualAnalysis = results.GetCveApplicabilityField(vulnerability.BOMRef, target.JasResults.ApplicabilityScanResults)
+					contextualAnalysis = results.GetCveApplicabilityField(vulnerability.BOMRef, target.JasResults.GetApplicabilityScanResults())
 					break
 				}
 			}
diff --git a/utils/results/results.go b/utils/results/results.go
index 8bd309d11..8cb83ef0c 100644
--- a/utils/results/results.go
+++ b/utils/results/results.go
@@ -677,7 +677,10 @@ func (ssr *ScaScanResults) HasFindings() bool {
 	return ssr.Sbom != nil && ssr.Sbom.Vulnerabilities != nil && len(*ssr.Sbom.Vulnerabilities) > 0
 }
 
-func (jsr *JasScansResults) GetApplicabilityScanResults() (results []*sarif.Run) {
+func (jsr *JasScansResults) GetApplicabilityScanResults() []*sarif.Run {
+	if jsr == nil {
+		return nil
+	}
 	return jsr.ApplicabilityScanResults
 }