Change gemnasium to error when findings found and add "Job succeeded and there were findings" exit code
Problem to solve
For consistency across Dependency Scanning analyzers, gemnasium needs to be changed so that it exits with a non-zero exit code when the scan is successful and vulnerabilities are found, as documented in #324634 (closed).
This behavior is enabled by a new environment variable documented in #324634 (closed).
This analyzer does NOT rely on the command Go package to implement its run command. The run command is implemented in the main.go of the Go project.
Proposal
- Remove dependency on common package (this is needed to complete #301127 (closed))
- Change the Run function defined in main.go to implement the new behavior, similar to #324946 (closed)
Documentation
Covered by #301133 (closed)
Testing
- Update Secure test projects used for this analyzer project, so that the exit codes are tested
Other links/references
Edited by Adam Cohen