Snyk --print-deps coupled with --json yields an error when passed to snyk-to-html

Question

Snyk --print-deps coupled with --json yields an error when passed to snyk-to-html

huornlmj opened this issue 3 years ago · comments

I need to have the full list of components displayed in the snyk-to-html report regardless of whether any of them have vulnerabilities or not.

When I run snyk test --print-deps --json > results.json and then run snyk-to-html -i results.json -o results.html, I get this error:

The source provided is not a valid json! Please validate that the input provided to the CLI is an actual JSON

I open the results.json file and see the following:

--print-deps --json option not yet supported for large projects. Displaying graph json output instead

{

"schemaVersion": "1.2.0",

"pkgManager": {
"name": "gomodules"
},
etc, etc, etc

So I manually removed the first line (1) and try again and I get the same error again:

The source provided is not a valid json! Please validate that the input provided to the CLI is an actual JSON

As far as I can see it is valid JSON.

Jakub Mikulas · Answer 1 · Mon Jun 21 2021 18:14:17 GMT+0800 (China Standard Time)

When you run a CLI command with "--print-deps" flag, it will output a JSON of your dependency tree before the test result. Resulting in an invalid JSON on stdout. The snyk-to-html package is expecting a test result (and also a valid JSON) and can't process the raw dependency tree and it'll fail because of unrecognized output.

If you drop the --print-deps flag, this setup should work.

Jakub Mikulas · Answer 2 · Sun Jul 04 2021 04:14:12 GMT+0800 (China Standard Time)

Also, since Snyk version https://github.com/snyk/snyk/releases/tag/v1.643.0 we removed the strings that were previously printed on stdout and were mangling the JSON output.