From 74dd7fc7ffe423111c02c176416598a48fb954d9 Mon Sep 17 00:00:00 2001
From: Mahak <mahakkularia@gmail.com>
Date: Thu, 26 Mar 2026 18:14:34 +0530
Subject: [PATCH] Fix: handle empty response in bulk_search_by_purl to prevent
 crash

---
 scanpipe/pipes/vulnerablecode.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scanpipe/pipes/vulnerablecode.py b/scanpipe/pipes/vulnerablecode.py
index 6c6073b5d0..428e7236a4 100644
--- a/scanpipe/pipes/vulnerablecode.py
+++ b/scanpipe/pipes/vulnerablecode.py
@@ -223,6 +223,8 @@ def fetch_vulnerabilities(
 
     for purls_batch in chunked(get_purls(packages), chunk_size):
         response_data = bulk_search_by_purl(purls_batch)
+        if not response_data:
+            continue
         for vulnerability_data in response_data:
             vulnerabilities_by_purl[vulnerability_data["purl"]] = vulnerability_data