diff --git a/clients/osv.go b/clients/osv.go
index 01c98789..e265aa2b 100644
--- a/clients/osv.go
+++ b/clients/osv.go
@@ -56,7 +56,9 @@ func (v osvClient) ListUnfixedVulnerabilities(
 response := VulnerabilitiesResponse{}
- if err == nil { // No vulns found
+ // either no vulns found, or no packages detected by osvscanner, which likely means no vulns
+ // while there could still be vulns, not detecting any packages shouldn't be a runtime error.
+ if err == nil || errors.Is(err, osvscanner.NoPackagesFoundErr) {
 return response, nil
 }
diff --git a/clients/osv_test.go b/clients/osv_test.go
index 9784ffb2..a198d0ba 100644
--- a/clients/osv_test.go
+++ b/clients/osv_test.go
@@ -14,6 +14,7 @@
 package clients
 import (
+ "context"
 "reflect"
 "testing"
 )
@@ -46,3 +47,14 @@ func TestRemoveDuplicate(t *testing.T) {
 })
 }
 }
+
+func TestEmptyProject(t *testing.T) {
+ t.Parallel()
+ var client osvClient
+ var commit string
+ emptyDir := t.TempDir()
+ _, err := client.ListUnfixedVulnerabilities(context.Background(), commit, emptyDir)
+ if err != nil {
+ t.Fatalf("empty directory shouldn't throw an error: %v", err)
+ }
+}
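Review bot: In `ListUnfixedVulnerabilities`, folding `osvscanner.NoPackagesFoundErr` into the `err == nil` branch makes "nothing was scanned" indistinguishable from "scanned and clean" for every caller, which is a fail-open outcome for a vulnerability check. The new comment concedes that vulnerabilities may still exist, yet nothing visible in the hunk logs or returns that distinction. If the response type cannot carry the signal, at least make the contract explicit where the decision is taken, e.g. `// NoPackagesFoundErr: nothing was scanned, so an empty response means "unknown", not "verified clean".` The function starts and ends outside this hunk, so whether a logger or another reporting path is available there cannot be confirmed from here.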
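Review bot: `TestEmptyProject` discards the response with `_`, so it only proves the error is swallowed and would still pass if a non-empty response came back for an empty directory. Keep the value and compare it with the zero response, for example `if !reflect.DeepEqual(resp, VulnerabilitiesResponse{}) { t.Errorf("empty directory: got %+v, want empty response", resp) }`. It is also worth confirming that the scan returns before any query to the OSV service when the directory is empty, which is not visible from this hunk, because the test runs under `t.Parallel()` with no stub for that service. Minor wording: Go returns errors rather than throwing them, so `"empty directory should not return an error: %v"` reads more accurately.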