Snyk --print-deps coupled with --json yields an error when passed to snyk-to-html
huornlmj opened this issue · comments
I need to have the full list of components displayed in the snyk-to-html report regardless of whether any of them have vulnerabilities or not.
When I run snyk test --print-deps --json > results.json
and then run snyk-to-html -i results.json -o results.html
, I get this error:
The source provided is not a valid json! Please validate that the input provided to the CLI is an actual JSON
I open the results.json file and see the following:
- --print-deps --json option not yet supported for large projects. Displaying graph json output instead
- {
- "schemaVersion": "1.2.0",
- "pkgManager": {
"name": "gomodules"
- },
etc, etc, etc
So I manually removed the first line (1) and try again and I get the same error again:
The source provided is not a valid json! Please validate that the input provided to the CLI is an actual JSON
As far as I can see it is valid JSON.
When you run a CLI command with "--print-deps" flag, it will output a JSON of your dependency tree before the test result. Resulting in an invalid JSON on stdout. The snyk-to-html package is expecting a test result (and also a valid JSON) and can't process the raw dependency tree and it'll fail because of unrecognized output.
If you drop the --print-deps flag, this setup should work.
Also, since Snyk version https://github.com/snyk/snyk/releases/tag/v1.643.0 we removed the strings that were previously printed on stdout and were mangling the JSON output.