fix: log errors during SPDX snyk enrich (#52)

snyk · Feb 5, 2024 · cb1c7c5 · cb1c7c5
1 parent bcd1448
commit cb1c7c5
Showing 1 changed file with 19 additions and 10 deletions.
diff --git a/lib/snyk/enrich_spdx.go b/lib/snyk/enrich_spdx.go
@@ -69,17 +69,26 @@ func enrichSPDX(bom *spdx.Document, logger zerolog.Logger) *spdx.Document {
 			}
 
 			resp, err := GetPackageVulnerabilities(purl, auth, orgID)
+			if err != nil {
+				logger.Err(err).
+					Str("purl", purl.ToString()).
+					Msg("Failed to fetch vulnerabilities for package.")
+				return
+			}
+
+			packageData := resp.Body
+			var packageDoc issues.IssuesWithPurlsResponse
+			if err := json.Unmarshal(packageData, &packageDoc); err != nil {
+				logger.Err(err).
+					Str("status", resp.Status()).
+					Msg("Failed to decode Snyk vulnerability response.")
+				return
+			}
 
-			if err == nil {
-				packageData := resp.Body
-				var packageDoc issues.IssuesWithPurlsResponse
-				if err := json.Unmarshal(packageData, &packageDoc); err == nil {
-					if packageDoc.Data != nil {
-						mutex.Lock()
-						vulnerabilities[pkg] = *packageDoc.Data
-						mutex.Unlock()
-					}
-				}
+			if packageDoc.Data != nil {
+				mutex.Lock()
+				vulnerabilities[pkg] = *packageDoc.Data
+				mutex.Unlock()
 			}
 		}(pkg, i)
 	}