display security and compliance scanner output for triage upon catching non-zero exit codes

Release notes

Provide conditional visibility for allowed-to-fail security and compliance scanners. Currently, SECURE_LOG_LEVEL needs to be set to 'debug' to provide output of each analyzer run.

Problem to solve

As a build engineer, I want to identify and diagnose scanner errors without initiating another build with debug flags set, so I can more quickly identify those as well as identify root causes for transient failures by analysing run history.

Intended users

• Cameron (Compliance Manager)
• Devon (DevOps Engineer)
• Sam (Security Analyst)
• Rachel (Release Manager)
• Alex (Security Operations Engineer)

User experience goal

User should be able to see scanner output in the stage output.

Proposal

If a scanner has a non-zero exit code, provide analyzer console output.

Further details

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references