[🐛] snyk2spdx crashes given a manifest with no vulnerabilities

[carwin]

• node -v: 17.9.0
• npm -v: 8.5.5
• OS: macOS
• Command run: npx snyk2spdx

When snyk2spdx is run against a project that reports no vulnerabilities, the script fails. The example in the reproducible steps use the grafana/grafana repository, but this should be the same with any other project.

Expected behaviour

snyk2spdx should complete without errors when given a manifest with no vulnerabilities.

Actual behaviour

snyk2spdx crashes given a manifest with no vulnerabilities

Steps to reproduce

$ git clone https://github.com/grafana/grafana && cd grafana/ && snyk test --all-projects --json | DEBUG=snyk* npx snyk2spdx | jq

Debug log

  snyk:generate-data-script ℹ️  Options: {"_":[],"$0":"snyk2spdx"} +0ms
  snyk:generate-data-script ℹ️  Got input +54s
  snyk:generate-data-script creating date +0ms
  snyk:generate-data-script 2022-04-03T10:26:50Z +1ms
  snyk:generate-data-script Failed to generate data.
  snyk:generate-data-script Cannot read properties of undefined (reading 'filter') +1ms
ERROR! Failed to convert to SPDX. Try running with `DEBUG=snyk* <command> for more info`.
ERROR: TypeError: Cannot read properties of undefined (reading 'filter')

[lili2311]

hi @carwin thanks for raising this issue, currently --all-projects is not supported see https://github.com/snyk-tech-services/snyk2spdx#notice. Please run on each project individually