fix: Allow checkov job to succeed when no matches are found
What
This change allows the checkov job to succeed when no passing tests are found.
I believe this is the intention of this task, but an alternative is to use jq to match against json output from checkov to check for failures, e.g.

jq --exit-status '.failed > 0 or .parsing_errors > 0'

This would return a non-zero exit code we can use to test for failure if required.
Why
When checkov is run, if no rules match then there is no output, which can be seen in the results_cli.txt output file. This causes the grep to fail, which causes the job to fail, even though we have no failing results.
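
The failure described under Why, as an added example (not the code from this change): grep exits 1 when nothing matches and 2 on a real error such as a missing file, so the tolerant helper accepts only the former instead of masking both. The function names, the `PASSED for resource` pattern and the sample file are assumptions for illustration.

```shell
#!/bin/sh
set -eu

# Assumed pattern; the job's real grep expression is not shown on this page.
PATTERN='PASSED for resource'

# Naive form: grep exits 1 when nothing matches, so an empty results file
# fails the step even though checkov reported no failures.
naive_count() {
    grep -c "$PATTERN" "$1"
}

# Tolerant form: treat "no match" (exit 1) as a count of 0, but still
# propagate genuine grep errors (exit 2 or higher, e.g. file not found).
count_passed() {
    results_file=$1
    rc=0
    count=$(grep -c "$PATTERN" "$results_file" 2>/dev/null) || rc=$?
    case $rc in
        0|1)
            printf '%s\n' "${count:-0}"
            return 0
            ;;
        *)
            return "$rc"
            ;;
    esac
}

# Constructed sample: an empty results_cli.txt, as produced when no rules match.
demo_dir=$(mktemp -d)
: > "$demo_dir/results_cli.txt"
naive_count "$demo_dir/results_cli.txt" >/dev/null || echo "naive grep exit: $?"
echo "tolerant count: $(count_passed "$demo_dir/results_cli.txt")"
rm -rf "$demo_dir"
```

A blanket `grep ... || true` would also turn the job green, but it hides a missing or unreadable results file, which is the case a scanning job should still fail on.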